Our client is a large European IT enterprise 24K+ employees on board. They specialize in creating large-scale software mainly for FinTech, healthcare IT, and logistics.
Detailed information about the client cannot be disclosed under the provisions of the NDA.
Our client was looking to create a new open banking platform for their European office. The main reason was the Directive On Payment Services 2 regulations coming into force. The European financial institutions need to provide access to accounts, records, and services to verified eIDAS certified Third Party Providers (TPP) acting on behalf of a Payment Service User and supply such parties with suitable interfaces to initiate payments and get account information.
The bank contacted Innowise Group to create the open banking platform that would ensure compliance with the legislation requirements, seamlessly integrate the new system with their existing environment, introduce the necessary updates to their technical infrastructure while addressing security concerns associated with financial data and tangible information processing.
We started with investigating our client’s needs and the PSD2 regulatory interpretation to ensure precise adherence to its requirements. We then identified the application’s scope and determined the main milestones. Our team chose the Agile methodology to create the platform as fast as possible and make necessary amendments on the go if necessary.
The development process consisted of two stages: building the web interface to be accessed by the TPP and creating a secure open API. We chose our stack, relying on our expertise working with similar projects. We used mainly open-source techs, customizing them to the client’s needs by adding new components and plugins.
Our web developers concentrated on building an easy-to-operate interface, yet the most critical part was creating a secure API with identity authentication provisions. We provided authentication at the API management layer to free up the back end API. This approach also helped us centralize the configuration of authentication of several disparate APIs to manage various levels of TPP’s access. No data is stored on our side, only tokens. All authorizations to receive data require confirmation after a redirect to a bank page. We relied on Grafana tools to display the info dashboards. The final step was integrating the solution with the bank’s ecosystem, and set-up effective consent management frameworks implementing QWACs and QSEALS security protocols for PSD2 compliance, and writing detailed user manuals for TPPs.
With the open banking solution integrated, the bank lets TPPs access its clients’ accounts, including their balances and their ability to initiate payments. Thanks to robust, safe API, consent management protocols, and SCA client authentication in place, the bank can guarantee all data is processed securely at all times. Our team continues to support the solution.
All TPPs only have access to specific data clusters verified by Payment Service Users, such as account balances, deposits, transactions, limited transaction history abstracts, and more. The web interface is easy to use, providing clear navigation guidelines for every registered user.
With the required capabilities in place, the bank passed PSD2 Regulatory Technical Standards (RTS) certification and can now efficiently and seamlessly work with third parties making its operations future-proof in the open banking financial environment. The system is highly scalable and can deal with a growing number of users with no downtime.
Having received and processed your request, we will get back to you shortly to detail your project needs and sign an NDA to ensure the confidentiality of information.
After examining requirements, our analysts and developers devise a project proposal with the scope of works, team size, time, and cost estimates.
We arrange a meeting with you to discuss the offer and come to an agreement.
We sign a contract and start working on your project as quickly as possible.
Your message has been sent.
We’ll process your request and contact you back as soon as possible.