Open Banking API for Payments Transforming Payments in an assembly game Jean-François Delorme Partner Paiements, DXC Technology
The World of Yesterday The classic French Garden style 2
Payment Industry Value Chain End users relationships Channels Payment factories
The World of Yesterday An exclusive relationship End users relationships Channels Payment factories Bank
The World of Yesterday An exclusive relationship
B A N K The new payment landscape A fragmented world End users relationships Channels Payment factories
B A N K 3 major causes of fragmentation in the payments value chain End users relationships Usage Mobility and immediacy Seamless user experience Customer centric Channels Regulations KYC / GDPR Strong authentication PSD2 Open Banking Payment factories Technology Open Banking API Robotic Process Automation
Is The World of Yesterday falling apart?
Changes in the payment framework create a new playing field Enabling : New hybrid offerings New business models Strategies and positioning Transforming Payments in an assembly game February 5, 2018
B A N K Stakeholders Payment Service User PSU Traditional stakeholders DSP1 stakeholders with new PSD2 status New PSD2 stakeholders End users relationships Channels Account Servicing Payment Service Provider ASPSP Payment Instrument Issuers Service Provider Third Party Provider TPP Account Information Service Provider Payment Initiation Service Provider PIISP AISP PISP Payment factories
B A N K Framework Payment Service User PSU RTS PSD2 End users relationships Channels ASPSP Payment Instrument Issuers Service Provider Account Information Service Provider Payment Initiation Service Provider PIISP AISP PISP Payment factories
BANK B B A N K Interfaces & technical standards Payment Service User PSU End users relationships Channels ASPSP Payment Instrument Issuers Service Provider Account Information Service Provider Payment Initiation Service Provider PIISP AISP PISP RTS Payment factories API
B A N K Existing and efficient interbank infrastructures Payment Service User PSU End users relationships Channels ASPSP Payment Instrument Issuers Service Provider Account Information Service Provider Payment Initiation Service Provider PIISP AISP PISP Payment factories CSM / Instant Payment
B A N K A new playing field enabling new hybrid offerings Payment Service User PSU End users relationships Channels ASPSP Payment Instrument Issuers Service Provider Newsagents Account Information Service Provider Payment Initiation Service Provider PIISP AISP PISP Financiere des Paiement Electroniques Payment factories CSM / Instant Payment
B A N K A new playing field enabling new hybrid offerings My Saving Account Payment Service User PSU End users relationships Channels ASPSP Payment Instrument Issuers Service Provider Account Information Service Provider Payment Initiation Service Provider Program PIISP Program Manager AISP PISP Manager Payment factories CSM / Instant Payment
The API hub as seen by an agregator
Changes in the payment framework create a new playing field Enabling : New hybrid offerings New business models Strategies and positioning February 5, 2018
What next? 1 2 3 Identify use cases and offerings Be customer focus using Design Thinking Create the User Experience Go through the Design Thinking process Learning by doing 4 Test Develop and implement February 5, 2018
The API Hub : DSP2 APIs and beyond Marie-Benoîte Chesnais Sr Principal Consultant, API Management CA Technologies
Banking Services Today 2018 CA. Confidential. All rights reserved. 20
Banking platorm: Target Architecture 2018 CA. Confidential. All rights reserved.
TPP Platforms Online APPS Mobile APPS 3 rd Party integration CA API Portal CA AA CA APIM Security Services Interface CA IM RISK FRAUD CA Optional (SSO, Fed, IdAM, PAM, MAG..) API-Based Inbound Services Portfolio (Auth, Risk, Aggregation,..) & Business Logic CA APIM Data Transformation CA AA Security Services Interface Protocol Mediation CA IM CA Optional (SSO, Fed,,..) API-Based Outbound Services Portfolio (XSD2, payments, Aggregation,..) Bank #1 AIS Services Bank #2 AIS Services Bank #2 Payment Services Bank n Any Service 2018 CA. Confidential. All rights reserved.
2018 CA. Confidential. All rights reserved. 25
2018 CA. Confidential. All rights reserved. 26
2018 CA. Confidential. All rights reserved. 27
Customer Personal Information Communication End User with the TPP Communication TPP with the Bank Communication Bank with the End User End user TPP Bank 1 3 Open the TPP app and login into the TPP App Send the welcome page Access to his/her personal information 4 2 Asks for authorization on behalf of the end user 6 8 Send the credentials Grant the resources Send the login page Send the consent page 5 7 Send the customer personal information 10 12 14 Callback the authorization code Asks for theaccess token Send the Access token Invoke the API with a valid access token Send the customer personal information 9 11 13 28 2017 CA. ALL RIGHTS RESERVED.
Payment End user TPP Bank Communication End User with the TPP Communication TPP with the Bank Communication Bank with the End User 1 3 6 8 17 Open the TPP app and login into the TPP App Send the welcome page Want to initiate a payment Send the credentials Grant the payment Enter the OTP Payment completed 2 4 10 12 14 18 20 29 2017 CA. ALL RIGHTS RESERVED. 22 Asks for authorization on behalf of the end user Send the login page Send the consent page Callback the authorization code Asks for the access token Send the Access token Invoke the API with a valid access token to initiate the payment Send a TRX_ID Asks for authorization on behalf of the end user and for this TRX_ID Send the OTP Send the OTP page Asks for the id_token (OpenID JWT) Send the id_token (OpenID JWT) Invoke the API with a valid id_token to execute the payment Payment completed 5 7 9 11 13 15 16 19 21
API Days Paris 31th January 2018 DXC Sandbox use case Loïc de Kergommeaux Senior Partner Consulting, DXC Technology DXC Proprietary and Confidential Open Banking API for Payments transforming Payments in an February 5, 2018 34 assembly game
Why a sandbox? Business models and techniques Flexible & agile collaboration Awareness Expertise and knowledge To deepen the understanding of business models and techniques, in application of DSP2 and Open Banking, and to experiment with them Create a flexible and agile collaboration environment for the development of ecosystem offerings and partnerships Contribute to the awareness of digital transformation, internally and with third parties Build expertise and knowledge DXC Proprietary and Confidential February 5, 2018 35
BANQUE B BANK Interfaces & technical standards PSU Customer relationship Intermediation channels ASPSP Payment Instrument Issuers Service Provider Account Information Service Provider Payment Initiation Service Provider PIISP AISP PISP RTS Payment factories API DXC Proprietary and Confidential February 5, 2018 36
Example : a customer offer 1,00 10,00 DXC Proprietary and Confidential February 5, 2018 37
Customer journey Replace Connected machine Pay per use Finalize the payment Add a bank to the service Aggregated accounts DXC Proprietary and Confidential February 5, 2018 38
Stakeholders & streams PSU 3 8 5 1 Order a washing machine (and its CLIENT consumables) on the online store and chose the Pay-per-use service 6 Strong authentication Pay-per-use service Aggregation & initiation 2 9 4 7 Redirection to the Use'Pay web service Accounts aggregation 10 Payment confirmation ASPSP CLIENT BANKS DXC Proprietary and Confidential February 5, 2018 39
Demo DXC Proprietary and Confidential Open Banking API for Payments transforming Payments in an February 5, 2018 40 assembly game
Open Banking Accelerator SandBox components Online Retailer PFM Service (AISP / PISP) Mobile Banking App for Payment Authorisation Third Party Bank (Hogan) Transaction & Payment APIs (PSP) Programmable Web APIs Secure Customer Authentication (DXC Confident ID) Developer Portal (CA) API Management (CA) Sandbox is deployed on AWS Ready to deploy on premises PSD2 API support - UK Open Banking - STET - Martin Dupont Transaction & Payment APIs (PSP) PKI Certificate Management Risk Systems (CA) API Creator (CA) DXC Proprietary and Confidential February 5, 2018 41
Alignment with Open Banking Architecture February 5, 2018 DEVELOP RUN SECURE COMPLY IoT M2M Smart agents TPP Development Developer Portal API Portal TPP APIs TPP APIs and Systems Consumer channels TPP Systems Authentication Policy Manager Secure Customer Authentication TPP Registration Regulator Portal Operational Management API Gateway Throttling / caching Customer support & issue resolution API lifecycle management Billing Reporting / Monitoring API Gateway (External) API Gateway (Internal) Security Physical Security Secure TPP Authentication Development API Creator API Creation API Conversion (e.g. to REST) Data Integration BUS Data Transformation Risk Consent / Authorisation Compliance Reporting SDK Creation App Development Integration BUS Source Systemk Back-end Systems Source System Source System Source System Transaction Risk APIM platform GDPR Infrastructure Other components DXC Proprietary and Confidential Dev / Test / Production
Accelerator Architecture Architecture implemented for the demo Crédit Mutuel (ASPSP) Crédit Mutuel-ResourceSrv Developer Portal 6 3 2 LocalDB OTP Credit Mutuel Crédit Mutuel AuthSrv Micro Services UsePay TPP (AISP/PISP) SSL 1 4authorizaton-code 5 Crédit Agricole Bank UsePay Web App UsePay Web Server SSL Developer Portal OTP DB SSL UsePay-TPP (OTP) (UsePay AuthSrv) (OTP) (Crédit Agricole AuthSrv) Developer Portal SSL UsePay Mobile App LocalDB LocalDB SSL UsePay TPP Micro Services (Apache Karaf) Crédit Agricole-ResourceSrv Crédit Agricole Micro Services ConfidentId Mobile App IdentityX ConfidentId Server Martin-Dupont (ASPSP) CA API Gateway Martin-Dupont-ResourceSrv Developer Portal OAuth2 Server OTP (Martin-Dupont AuthSrv) LocalDB Martin-Dupont Micro Services DXC Proprietary and Confidential February 5, 2018 43
DXC.Technology API experience Financial services Swiss Banking Centre - Implemented and operates an API Gateway to expose 60 APIs in DXC s Bern Banking Centre Large Australian bank - API gateway implemented and operated Large Spanish bank - project in progress to deploy and manage an API gateway. Large Canadian bank - Wealth management POC API-enabling Enterprise Services FSI Assets APIs developed for Celeriti banking systems (Hogan Core Banking), CAMSII (Card Procesing) and Lending; and for insurance products, e.g. for quotes Lufthansa Transport Designed and developed open APIs to deliver value-adding services to Lufthansa customers. DXC provided API design, development and programme management Consumer and Retail Public Sector One of the world s largest consumer packaged goods companies DXC built a proof of concept for API exploitation Department for Work and Pensions Competency Centre to develop, deploy and manage APIs Solution for the deployment of apps and API management in containers Hosted Service - Partnership with CA to provide a hosted VPC service for their API management software DXC IT - Our developers deploy APIs extensively to interface into SaaS and legacy apps (e.g. SAP, Workday and sfdc) DXC Proprietary and Confidential February 5, 2018 44
DSP2 et API Economy Services et solutions de DXC & CA Define Strategy Create APIs Integrate systems Optimise infrastructure Manage APIs Secure and comply Develop ecosystem DXC.technology DXC.technology DXC.technology DXC.technology DXC.technology DXC.technology DXC.technology DXC API Development Lifecycle Consulting Consulting API development DXC APIs (Celeriti & Insurance) Consulting Application development Consulting Cloud DevOps as a Service CA service virtualization CA Load & Test DXC Proprietary and Confidential Consulting API portal construction API portal and services management CA API Management CA API Creator Consulting Security implementation DXC ConfidentID Security management CA Rapid Authentication CA Advanced Authentication & CA Identity Manager Consulting February 5, 2018 45
Thank You.