Open Banking Glossary

Open Banking Glossary

Open Banking Glossary

Open Banking, a catalyst for change in 2018 for the financial industry. By allowing third-party access to banking data, this connectivity has allowed fintechs to fill the gaps currently in the financial market.

We know that not everyone knows what Open Banking is and that it may not be as clear cut to those outside the industry as it is for those of us living and breathing it every day.

We’ve created a glossary of terms below, made for everyone from your friend who knows nothing about finance to your grandparents who want to try new apps but may not understand why they are giving access to their private, sensitive banking data.

So, whenever in doubt, you can bookmark this page to help refresh your memory.

If terms are missing, or incorrectly defined, do not hesitate to email lisa@tomatopay.co.uk to let us know.


Introduction to the second Payment Services Directive PSD2, or otherwise known in the UK, Open Banking.

Open Banking has a noble mission: to make financial services accessible to the masses, and give everyone an equal chance of being financially successful. It also provides financial support where the consumer and businesses previously faced unclarity.

Open Banking (or also known as The second Payment Services Directive (PSD2), see below for definition) is a major regulatory innovation that is reshaping the banking industry from the ground up, allowing third-party financial services access to your banking data. These third-party apps could be an app you download or use on your computer or laptop’s browser. These apps may help you make cheaper payments, create invoices, categorise your finances, allow you to connect all your bank accounts to one place, or might give you information on your future finances.

Access to Accounts 

‘Access’ that a third-party provider might ask for. This account will usually be, but may not be limited to, a traditional bank account you can take money out of (an example could be a Santander Current Account). You do not need to give the bank notice beforehand to give access to the chosen account. This will be done by authorising through your mobile banking app, or through your desktop online banking. 

Account Information Services (AIS)

A service from an authorised financial institution providing consolidated information on a customer’s bank or/and payment accounts. This means you may connect your bank account to a third party, and then connect all of your bank accounts for a single view of your financial transactions across all bank accounts.

Account Information Service Provider (AISP)

A type of classification for a regulated, authorised third-party that can retrieve account information provided by financial institutions.

Account Servicing Payment Service Provider (ASPSPs)

A type of classification for a regulated, authorised third-party that can provide and maintain payment accounts for payment service users. Under Open Banking, ASPSPs publish ‘Read/Write’ APIs. This allows users to share their account transaction data with third-party providers. Third party-providers can then initiate payments on a user’s behalf with a user’s explicit consent.

Application Programming Interface (API)

A computing interface that interacts with a separate software component or resource. In other words, technology can integrate with another company’s technology to enhance the services provided.

Blockchain

A digital record of transactions that is duplicated and distributed across the entire network of computer systems.

Challenger Banks 

A relatively small retail bank set up to compete for business with large, long-established national banks. You can see our blog on challenger banks here.

Card Scheme 

Payment networks (for example, VISA, American Express (AMEX) or Mastercard) linked to payment cards, such as debit or credit cards, of which a bank or any other eligible financial institution can become a member to issue cards or acquire merchants operating on the network of that card scheme.

Card-Based Payment Instrument Issuer (CBPII)

It gives its customers the option to initiate card-based payments from payment accounts held by an Account Servicing Payment Service Provider (ASPSP). See above for the definition of ASPSP. An example could include an independent financial provider that allows you to pay from your bank account.

Competition and Markets Authority (CMA)

The CMA investigates mergers that could restrict competition. Competition is needed to stop a few businesses from taking market control, and in turn can control prices and competition easily, which may negatively impact the end customer. The CMA also investigates where there may be breaches of UK or EU law against anti-competitive agreements and abuses of dominant positions.

Competition and Markets Authority 9 (CMA 9)

It’s an independent department of the UK government, whose aim is to promote market competition and fairness and reduce harmful monopolies. The CMA 9 is referred to the nine big banks and building societies in the UK that originally participated at the start of Open Banking in early-2018.

This includes:

  • AIB Group UK (trading as First Trust Bank in Northern Ireland)
  • Bank of Ireland (UK)
  • Barclays Bank
  • HSBC Group (including First Direct and M&S)
  • Lloyds Banking Group (including Bank of Scotland and Halifax)
  • Nationwide Building Society
  • NatWest Group (including NatWest, Royal Bank of Scotland and Ulster Bank NI)
  • Northern Bank Limited (trading as Danske Bank)
  • Santander UK

Competent Authority 

Any person or organisation that has been legally delegated or has an invested authority, capacity or power to perform a designated function. Once an authority is delegated to perform a certain act, only the competent authority is entitled to control the accounts and therefore the actions associated with these accounts. 

Dynamic Client Registration

Enables third-parties or institutions to verify the identity of the end-user based on the authentication performed by an authorisation server.

eIDAS certificates

EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. 

European Banking Authority (EBA)

Regulatory agency of the European Union increasing transparency in the European financial system and identifying weaknesses in banks’ capital structures. 

Financial Conduct Authority (FCA)

It regulates the financial services industry in the UK. Its role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers.

General Data Protection Regulation (GDPR) 

Regulation in EU law on data protection and privacy in the European Union and European Economic Area (EEA). Also addresses the transfer of personal data outside the EU and EEA areas. This is to protect customers data, and institutions should all be adhering and doing internal training to ensure competence around handling a customer’s sensitive data. Under GDPR, any customer can request a copy, and for the deletion of any data held on them from businesses. Fractal is GDPR compliant. You can see more on our Security Page.

Know Your Customer (KYC)

Requires that professionals make an effort to verify the identity, suitability and risks involved with maintaining a business relationship. The procedures come within the scope of a bank’s Anti Money Laundering (AML) policy. 

Merchant Acquirer

The ‘acquirer’ is the financial institution that processes and settles payments on behalf of the customer through a line of credit (a credit card is a good example). 

Open API 

Publicly available APIs that provides developers with open programmatic access to a proprietary software application or web service. 

Open Banking Directory 

List of regulated third party providers (AISPs and PISPs) and account providers that operate in the Open Banking ecosystem. It is to enable account providers, such as banks, building societies and payment companies to verify the identity of regulated third party providers. You can find a list of Regulated Providers here.

Open Banking Implementation Entity 

Creates software standards and industry guidelines that drive competition and innovation in UK retail banking.

Open Banking Working Group 

Improves interaction between payments services operating in different sub-sectors of the financial industry. It focuses on electronic payment innovations in the consumer and retail e-commerce space.

Open Data

It is a concept that focuses on the idea of data being freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control from the original institution who collected the data.

Open Finance

Extension of Open Banking data-sharing principles to enable third-party-providers to access customers data across a broader range of financial sectors and products, including savings and investments. You can see our blog here on Open Finance.

Payment Service Provider (PSP) 

Offers businesses online services for accepting electronic payments by a variety of payment methods including credit card, bank-based payments such as direct debit, bank transfer and real-time bank transfer based on online banking. You can read our blog here on Account-to-Account payments.

Payment Initiation Service Provider (PISP)

Online service which accesses a user’s payment account to initiate the transfer of funds on their behalf with the user’s consent and authentication. They provide an alternative to paying online using a credit or debit card. 

Payment Institution 

Refers to a category of payment service providers which came into being as a result of the enactment of the second Payment Services Directive (PSD2) also known as Open Banking in the UK (see below at The second Payment Services Directive (PSD2)).

Premium API 

Banks have a tremendous amount of data that is not covered by the PSD2 mandate. This data can be delivered as a product to institutions who want to leverage this additional data to build new, or build on top of, existing products.

The second Payment Services Directive (PSD2)

European regulation for electronic payment services. It seeks to make payments more secure in Europe, boost innovation and help banking services adapt to new technologies. Open Banking is the UK version of PSD2. The difference is that whereas PSD2 requires banks to open up their data to third parties, Open Banking dictates that they do so in a standard format. You can see our blogs on Open Banking here (2021) and here (2019).

Payment Service User 

A legal person making use of a payment service as a payee, payer or both. 

Qualified Certificate for Seals 

A qualified electronic seal is an electronic seal that is compliant with EU Regulation for electronic transactions within the internal European market. 

Qualified Trust Service Provider

A person or legal entity providing and preserving digital certificates to create and validate electronic signatures. 

Qualified Website Authentication Certificate

A type of qualified Digital Certificate under the trust services defined in the eIDAS Regulations. Assures that the data sent to QWAC secured websites meets the stringent regulations.

Strong Customer Authentication (SCA)

The requirement of the EU’s second Payment Services Directive (PSD2) within the European Economic Area (EEA). The requirement ensures that electronic payments are performed with multi-factor authentication to increase the security of electronic payments. You can see our blog here on Strong Customer Authentication.

The third-party provider (TPP)

A 'Third Party Provider' is an authorised online service provider that has been introduced as part of Open Banking. They exist outside of your relationship with your bank, but may be involved in the online transactions you carry out.

Technical Service Providers (TSPs) 

Renders purely technical services such as processing and storing data, or transmit payment transaction data to the extent that this does not reach the threshold of becoming a Payment Initiation Service (PIS). 

UK Open Banking Working Group 

Established in 2015 by the UK Treasury to explore using shared data in finance. The group includes stakeholders from all the relevant parties in Open Banking - banks, TPPs, consumers and open data groups. 


tomato pay is an FCA-regulated authorised Account Information & Payment Initiation Service Providers (AIPISP) provider. You can find us on the Open Banking Directory, and on the FCA registered list here.

Community has never been as important as it is today, and watching the business and sole trader community struggle throughout the past year has spurred us on to take a more community-led approach to our business.

tomato pay is a simple, QR-code based payments and invoice app powered by Open Banking and built on our own, in-house tomato pay API platform which offers both AIS and PIS capabilities.