diff options
author | Florian Dold <florian.dold@gmail.com> | 2020-06-09 13:56:08 +0530 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2020-06-09 13:56:08 +0530 |
commit | 8c94d1268d3523663941813e53e939d6e43fb010 (patch) | |
tree | 100cf327a21daeca84a727c0ad7336486966bdfa /libeufin/banking-protocols.rst | |
parent | 1d396d031a03e12501bb9b06b642366c7fbe4313 (diff) | |
download | docs-8c94d1268d3523663941813e53e939d6e43fb010.tar.gz docs-8c94d1268d3523663941813e53e939d6e43fb010.tar.bz2 docs-8c94d1268d3523663941813e53e939d6e43fb010.zip |
banking protocol docs
Diffstat (limited to 'libeufin/banking-protocols.rst')
-rw-r--r-- | libeufin/banking-protocols.rst | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/libeufin/banking-protocols.rst b/libeufin/banking-protocols.rst new file mode 100644 index 00000000..91c0f599 --- /dev/null +++ b/libeufin/banking-protocols.rst @@ -0,0 +1,84 @@ +Banking Protocols +################# + +This page collects information we have about banking protocols available around +the world. + + +Open Financial Exchange (OFX) Direct Connect +============================================ + +`OFX <https://www.ofx.net/>`__ is widely used in the US. It defines a completely +custom protocol (based on HTTP) and data formats (**not** based on ISO20022) for banking. + + +Electronic Banking Internet Communication Standard (EBICS) +========================================================== + +EBICS is used primarily in Germany, France and Switzerland. Some banks (such as BNPParibas +with their `Global Ebics <https://cashmanagement.bnpparibas.com/our-solutions/solution/global-ebics> offering`__) +also allow EBICS access to accounts in other countries. + +EBICS is just a transfer layer for communicating with banks. Banks define what +messages they support. In practice, EBICS is very often used to transfer +ISO20022 messages. + +German banks that are part of the German Banking Industry Committee all must offer EBICS access. +Thus this protocol is a good choice for the German market. + + +FinTS / HBCI +============ + +German home-banking standard. Only some banks allow authentication based on key pairs. +Due to different interpretation of PSD2, other banks now only allow authentication +methods that require interaction from the customer (SCA / Strong Customer Authentication). + +Payloads these days can be ISO20022 messages. + + +PSD2 +==== + +PSD2 is not a technical standard, but high-level legal requirements on (amongst other things) APIs +that banks have to offer. + +There are many implementations of PSD2 APIs. The `Berlin Group <https://www.berlin-group.org/>`__ +provides a framework that somewhat standardizes technical details, but the use of this standard +is by no means necessary. + +Unfortunately, it focuses on *other* parties accessing *your* bank account. It +does not give customers access to their own bank account. Customers can manage +third party access they give to their bank account in their online banking +system. That mechanism is conceptually similar to OAuth2. In fact, some +implementations of PSD2 even use OAuth2 directly. + +PSD2 requires two main services to be available via an API: + +* AIS (Account Information Service). +* PIS (Payment Initiation Service). + +Together, they're often called XS2A ("access to account"). + +An entity that wants to use AIS has to be registered with the financial +oversight authority in its country (BAFIN in Germany). PIS has even stronger +legal prerequisites. + +On a technical level, using PSD2 APIs usually requires having an `EIDAS +<https://en.wikipedia.org/wiki/EIDAS>`__ certificate. + + +Bank-Proprietary APIs +===================== + +Some banks offer completely custom APIs to access services of the bank. These often include services +not available via more standardized APIs, such as account creation. + +Often banks frame PSD2 as just another API available in their portfolio of API offerings. + +Examples: + +* `Deutsche Bank <https://developer.db.com/products>`__ +* `ING Group <https://developer.ing.com/api-marketplace/marketplace>`__ + + |