Customer Story
Solutions at-a-Glance
Trust framework allows banks and third parties to interact securely.
CIAM stack meets the rigors of financial-grade security that banks require.
Open Banking hits implementation deadlines in a short time frame.
Dynamic registration automates onboarding for UK banks and Fiserv organizations.
Open Banking Automates Onboarding with Dynamic Registration
We are a non profit, but we are funded by what is called the CMA9, which are the nine largest retail banks in the UK.
I think Ping plays a role in two areas.
So the first is the identity and security model around regulated parties.
So this is third parties and banks raise PSPs, having a framework and a security model that they can securely transact with each other and communicate with each other.
And we've used Ping as a core part of that stack.
The second elements is how banks provide secure access to the resources, so how third parties can ask banks for access to an account and how a customer can securely authenticate that.
Many of the banks in the UK and indeed globally are using Ping as a core IAM vendor.
[MUSIC] It's quite interesting that, Ping plays a role in both the security model of banks, but also in the trust framework that we've developed internally in Open Banking.
We could have decided to try and build a lot of the functionality that we use Ping for, ourselves, manually, but why reinvent the wheel?
I'm really proud of what we've done with Open Banking.
But it's also useful that we are using the same core technology as many of the banks.
Certainly using a technology vendor that is standards compliant and has got a proven track record in this space is really important.
I think it is a significant benefit and will derisk your deliveries significantly.
[MUSIC]
The Objective
Open Banking Limited, the trading name of the Open Banking Implementation Entity (OBIE), is a private, non-profit company established in 2016 by the UK’s Competition and Markets Authority (CMA) to create software standards and industry guidelines for United Kingdom retail banking. Open Banking works with the UK’s largest banks and building societies as well as challenger banks, financial technology companies, third-party providers (TPPs), and consumer groups, with the mission of driving competition and innovation in the banking industry.
As part of that mission, Open Banking creates standards and acts as an implementation services entity for open banking in the UK helping to enforce these standards and making sure that financial institutions are implementing them correctly while ensuring that third parties can build out their propositions as effectively as possible.
The Challenge
Open Banking realized early on that they would need to create a whitelist to ensure that these banks and third parties know at all times who can access what APIs. This whitelist would provide a trust framework so that third parties and banks can trust one another and trade securely.
The whitelist, now known as the Open Banking Directory, had to provide three key functions. One, the trust framework would enable effortless confirmation of an entity’s regulated status, supporting real-time updates from a central source. Two, the identity component of the platform would contain a searchable directory of all third parties and banks, allowing for transparency and discovery as new players enter the market. And three, the directory would support dynamic client registration, facilitating the automation of the on-boarding process between third parties and banks and further reducing barriers, especially for smaller players.
The Solution
Open Banking considered building the framework internally but ultimately chose Ping Identity technology as a core part of their stack. Under Open Banking, entities must have absolute certainty about the identity of regulated parties; banks need to know who third parties are and third parties need to know who banks are so they can securely conduct transactions with and communicate with one another.
“We could have decided to manually build a lot of the functionality ourselves, but why reinvent the wheel when there's a product out there like Ping that does what you need?” asked Chris Michael, Head of Technology for Open Banking.
Another consideration in Open Banking’s selection of Ping Identity revolved around the fact that many of the banks in the UK and globally are already using Ping as a core IAM vendor. Ping meets the rigors of financial-grade security that banks require, while providing a consistent user experience. Ping’s comprehensive, standards-based identity and access management (IAM) platform also meets PSD2 and Open Banking’s broad set of requirements for banks themselves, providing secure access to accounts (XS2A) through open APIs, strong customer authentication (SCA) and consent management.
“It's also useful that we are using the same core technology as many other banks," Michael added.
Ping is standards-compliant and has got a proven track record in this space, which is a significant benefit and de-risked our delivery significantly.
Chris Michael
Head of Technology, Open Banking
The Results
As a direct result of using Ping Identity technology to underpin the UK’s open banking framework, Open Banking was able to set up the Open Banking Directory. They also worked with the banks and third parties to get them on board to the directory in a very short period of time, with 22 registered Account Servicing Payment Service Providers (ASPSPs) and 28 TPPs as of July 2018. “The fact that we went live on time, and we enabled the industry to start to go live from January this year, I think is no mean feat,” Michael said.
Now all UK banks, financial services organizations, and third-party providers who want to participate in the open banking ecosystem go through an enrollment and verification process before becoming trusted identities stored in a central Ping repository. Organizations not only meet Open Banking requirements, but they deliver a secure, seamless, and personalized experience for customers.
More About Open Banking
Open Banking was created to enable innovation, transparency, and competition in UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures, and security architectures that will enable developers to harness technology, making it easy and safe for individuals and SMEs to share the financial information held by their banks with third parties.
More Stories You'll Love
Ping Identity helped Equinix provide easy employee access to dozens of applications.
Applied Materials delivers cutting edge mobile single sign-on (SSO) across their enterprise ecosystem with Ping Identity.
HP reduced complexity, optimized spend, and is enabling new business as the company evolves.
If you like what we did for Open Banking,
let’s talk about what we can do for you
Start Today
Contact Sales
See how Ping can help you deliver secure employee, partner, and customer experiences in a rapidly evolving digital world.