As of January 2018, a new regulation for payment services within the EU market has been in place. PSD2 meant revolution in financial services area. According to the regulation, each bank is to allow access to online client’s account for third parties. This act applies to every payment account providers within the EU, no matter the size of organization. The bank and the third party communicate via secured API – application programming interface. This enables third party to inform client about their account status without the need to log into bank’s environment or even process payments on their behalf.
API was used in the project of internet cryptocurrency exchange (a third party from PSD2 perspective). A client can create 2 types of orders once they register and verify their account. A BUY order allows customer to select amount of EUR currency that is to be traded into cryptocurrency while SELL order turns amount of cryptocurrency into corresponding amount of EUR.
An important part of internet exchange is implementation of Slovak bank API. It’s used on several occasions. After BUY order, a client is sent an email informing them about payment to be made onto a bank account. After payment is processed, BUY orders are automatically matched and client is prompted to confirm exchange rate. The API is also used in SELL orders. After they are set, paid and the rate is confirmed, the orders are automatically exchanged on stock and corresponding amount of EUR is sent onto client’s account. Bank API implementation allows automatic payment pairing or payment order creations.
A crucial segment of bank API is security. Communication between bank and third party is ciphered by SSL protocol. Owner or authorized person grants access to their account by generating a unique token that is sent with every request. Owner also decides to which functions can third party have access and for how long a token is valid. It is the third party’s duty to secure gained information and protect it from misuse.
By integrating bank API we got deeper into PSD2 area and we know how to provide faster and more effective integration for fintech products. This solution is considered the beginning of incredible opportunities that PSD2 regulation brings into this new fast-growing API economy field. PSD2 regulation is also successfully implemented in our own project for AISP use case. Its goal is integration of biggest players in banking and crypto stocks.