Account Information Service Provider

(AISP) An Account Information Service Provider provides account information services as an online service to provide consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).

Account Servicing Payment Service Provider

(ASPSP) Account Servicing Payment Service Providers provide and maintain a payment account for a payer as defined by the PSRs and, in the context of the Open Banking Ecosystem are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API end points.

API Data

API Data is data made available to an API User or a TPP through the APIs.

API provider

An API provider is a service provider implementing an Open Data API. An API provider provides Open Data via an API gateway.

API User

An API User is any person or organisation who develops web or mobile apps which access data from an API Provider.

Application Programming Interface

(API) An Application Programming Interface is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.

ASPSP brand

An Account Servicing Payment Service Providers (ASPSP) brand is any registered or unregistered trade mark or other Intellectual Property Right provided by an ASPSP.

Authorised Push Payment (APP) fraud

APP fraud is where victims are tricked into sending funds from their bank account to a fake or fraudulent account by someone posing as a genuine payee such as a friend or family member, or a trusted organisation.

Card Based Payment Instrument Issuer

(CBPII) A Card Based Payment Instrument Issuer is a payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider.

CMA Order

The Retail Banking Market Investigation Order 2017.

CMA Remedies

Remedies that the CMA deemed appropriate to introduce to address a number of key features of the UK Retail banking market considered to be having an adverse effect on competition. These remedies included a requirement for the UK banking industry to adopt a subset of HMT’s proposals for Open Banking.

CMA9

The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts. They are as follows: AIB Group (UK) plc trading as First Trust Bank in Northern Ireland, Bank of Ireland (UK) plc, Barclays Bank plc, HSBC Group, Lloyds Banking Group plc, Nationwide Building Society, Northern Bank Limited, trading as Danske Bank, NatWest Group plc, Santander UK plc (in Great Britain and Northern Ireland).

Competent Authority

A Competent Authority, in the context of the Open Banking Ecosystem, is a governmental body or regulatory or supervisory authority having responsibility for the regulation or supervision of the subject matter of Participants.

Competition and Markets Authority

(CMA) The Competition and Markets Authority (CMA) is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-competitive activities.

Confirmation of Payee (CoP)

Confirmation of Payee (CoP) is an account name-checking service primarily for bank and building society payments, launched by Pay.UK in 2020 to help prevent fraud.

When consumers and businesses make a payment, Confirmation of Payee (CoP) shows them if the money’s going to the right account before they transfer the funds.

CoP plays a key role in protecting against certain types of Authorised Push Payment (APP) fraud.

We partner with Pay.UK to provide and manage the CoP service as part of the Open Banking Directory.

Data Protection and Digital Information (DPDI) Bill

The DPDI Bill is a piece of legislation that is currently passing through Parliament. It makes changes to the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.

Data Standard

The data standards issued by Open Banking from time to time in compliance with the CMA Order.

A trust framework of regulated providers

The open banking Directory is the core infrastructure of our ecosystem – enabling participants to request and grant access to customers’ financial data in a secure, permissioned way via open banking APIs.

Play video

Directory Sandbox

The Open Banking Directory Sandbox is a test instance of the Directory. The Directory Sandbox may be used to support testing applications with test API endpoints and testing integration with the Open Banking Directory.

European Banking Authority Regulatory Technical Standards

(EBA RTS) The European Banking Authority develops Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes.

Financial Conduct Authority

(FCA) The Financial Conduct Authority is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms.

General Data Protection Regulation

(GDPR) A regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).

Joint Regulatory Oversight Committee (JROC)

The Joint Regulatory Oversight Committee (JROC) was established in April 2023 and is responsible for overseeing the next phase of open banking in the UK. The committee is co-chaired by the Financial Conduct Authority’s Executive Director, Consumers and Competition, Sheldon Mills, and the Payment System Regulator’s Managing Director, Chris Hemsley.

Mandatory ASPSP

Mandatory Account Servicing Payment Service Providers (ASPSPs) are entities that are required by the CMA Order to enrol with Open Banking.

Open API

An Open API or Public API is a free-to-use, publicly available application programming interface (API) that provides developers with programmatic access to a proprietary software application.

Open Banking Ecosystem

The Open Banking Ecosystem refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, the governance, systems, processes, security and procedures used to support participants.

Open Banking Limited

(OBL) Open Banking Limited - formerly the Open Banking Implementation Entity (OBIE) - is the delivery organisation working with the CMA9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin open banking in the UK.

Open Banking Services

The open banking services to be provided by Open Banking to Participants, including but not limited to, the provision and maintenance of the Standards and the Directory.

Open Data

Information on ATM and Branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards. Open Data is data that anyone can access, use or share.

Open Finance

Open Finance is the extension of open banking-like data sharing and third party access to a wider range of financial sectors and products, such as savings, investments, pensions and insurance.

Participant

An API Provider, API User, ASPSP, or TPP that currently participates in the Open Banking Ecosystem.

Payment Initiation Services Provider

(PISP) A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.

Payment Services Provider

(PSP) A Payment Services Provider is an entity which carries out regulated payment services, including AISPs, PISPs, CBPIIs and ASPSPs.

Payment Services Regulations

(PSR) The Payment Services Regulations 2017, the UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.

Payment Services User

(PSU) A Payment Services User is a natural or legal person making use of a payment service as a payee, payer or both.

Primary Business Contact

(PBC) A Primary Business Contact is an individual nominated by an entity to have access to the Directory and will be able to nominate other Directory business users. This should be a formal business point of contact and a senior member of staff responsible for systems and controls related to Open Banking.

Primary Technical Contact

(PTC) A Primary Technical Contact is an individual nominated by the entity to have access to the Directory and will be able to nominate other Directory technical users. This should be a main point of contact on technical configuration and a senior member of staff with responsibility for the management of the Open Banking digital identity.

Read/Write API

Read/Write APIs enable third party providers, with the end customer’s consent, to request account information, such as the transaction history, of personal and business current accounts and/or initiate payments from those accounts.

Read/Write Data

Read/Write Data includes personal current account and business current account transaction data sets made available by ASPSPs in accordance with the Read/Write Data Standard.

Revised Payment Services Directive

(PSD2) The Payment Services Directive 2015/2366, as amended or updated from time to time and including the associated Regulatory Technical Standards developed by the EBA and agreed by the European Commission and as implemented by the PSR and including any formal guidance issued by a Competent Authority.

Small and Medium-sized Enterprises

(SMEs) Small and medium-sized enterprises by scale of business, as defined by the CMA, with a turnover <£6.5m p.a.

Smart data

‘Smart data’ is the secure sharing of customer data with authorised third-party providers (TPPs), at the customer’s request. These providers then use the data to provide innovative services for personal or business customers, such as automatic switching or better account management.

Smart Data Council

The Department for Business and Trade has set up a Smart Data Council to work on smart data schemes such as helping consumers and small businesses switch utility providers more easily.

The new body comprises key government departments, regulators, industry and consumer groups, and includes representatives from Citizen’s Advice, Innovate Finance and other stakeholders.

Standards

The Standards are the Data Standards and Security Standards in accordance with which ASPSPs will be required to make Read/Write APIs available.

Strong Customer Authentication

(SCA) Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a finger print or iris pattern]) that are independent, [so] the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.

Sweeping

Sweeping is the automated movement of a customer's funds between two accounts in their name, such as a current and savings account. It is commonly used to help the customer avoid overdraft charges, repay a loan or benefit from better interest rates.

Technical Service Provider

Technical Service Providers (TSPs) are companies which work with regulated providers to deliver open banking products and services.

Third Party Provider

(TPP) Third Party Providers are organisations or natural persons that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are either/both Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs).

Variable Recurring Payments (VRPs)

Variable Recurring Payments (VRPs) let customers safely connect authorised payments providers to their bank account so that they can make payments on the customer’s behalf, in line with agreed limits. VRPs offer more control and transparency than existing alternatives, such as Direct Debit payments.

Voluntary ASPSP

Voluntary Account Servicing Payment Service Providers (ASPSPs) are those entities who, although not obliged to enrol with Open Banking, have elected to do so in order to utilise the Standards to develop their own APIs, to enrol onto the Open Banking Directory, and to use the associated operational support services.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
lpv840283	30 minutes	No description
visitor_id840283	10 years	No description
visitor_id840283-hash	10 years	No description