What is Open Banking?
Open banking originated in 2015 under The Revised Payment Services Direcctive of the EU. In August of the following year (2016), Britain first asked its 9 major banks to adopt the system, then in 2018 they introduced it forcefully. Afterwards other countries such as USA, Australia, and Singapore joined in creating related laws, encouraging the initiation of Open Banking in banks. This new campaign is also coming from Europe to Taiwan. In 2019, the Taiwan Financial Supervisory Commission finalized the introduction of Open Banking in Taiwan into three stages.
3 Phases of Open Banking in Taiwan
2019
Phase I
Public information
Open product information, like: exchange rates, mortgage interest, etc.
2020
Phase II
Personal information
Personal banking accounts and checking balances can be consolidated through a third party APP.
2021 Q1
Phase III
All information
Payment, transaction, and transfers, etc, can be done through a third party product.
3 Phases of Open Banking in Taiwan
As the campaign of Open Banking rises, digiRunner provides complete features of corporate level API management platform, provided with financial setups and third party platforms to use information with higher versatility. This not only creates a new buisness model, but also provides users a better experience through third party platform, increase market usage and ecosystem.
digiRunner realizes the three steps open banking standards.
digiRunner API managing platforms reflect the law requirements of open banking financial supervisory commission, by unifying stands and safety managing mechanism and accelerating extensive cooperation between financial industries and TSP industries, to achieve industrial reach and expland profit.
Traditional Banking VS Open Banking
Traditional banking Service reach centralized, little versatility, and higher user service conversion costs.
Consumer
Consumer
Bank
Bank
Finance service Finance service
Finance service
Traditional Banking VS Open Banking
Open banking In alliance with multiple industries, high versatitlity with service development, keeps the customer's needs closer.
Consumer
Consumer
TSP
TSP
Finance service Finance service
Finance service
Bank
Bank
Open information for each steps
Open information for each steps are included down below
TPI digiRunner helps create strategies for API platforms, allowing banks to be more flexible.
Step one-Publish open information
information consolidation
incease efficiency
digiRunner; API managing platforms have patented service that doesn't inhibit special features of hot deployment. Up to 50 percent of development speeds between platforms and th adjoining efficiency between downstream systems are increased. API's auto explore, immediate warning, transaction managing features can accomplish the safety management in transport layer, information layer, and behavior layer, allowing IT personnel not have to worry about the cyber security of the mainframe platform, and can directly authorize different systems directly from the platform, taking out the extra step to fix programming like in the past and greatly decreases management and maintenance time.
1
Step two-Publish personal information
authorization mechanism
Covering of everything
Comply with Open Banking API standards, personal information and transaction sensitive information are completely protected. From date transport layer (confidentiality, data integrity, source of information, unrepeatability), information layer (information completeness verification, encrytion on sensitive personal information, anti-hacking), behavior layer (OAuth2 verification mechanism and authorization timeliness, Client authorization and IP Check) all are protected from risks of cyber security to assist in provided Token mechanism, to efficiently manage API users which includes authorization mode and flow managment.
2
Step three-Publish transaction information
finance data
safe sharing
Through all-round digiRunner API, managing platform structures realize open banking's final purpose, under the users agreement, TSP affiliates can connect account payment, deduction, transaction throguh APP after integrating account infroamtion to really achieve "Finance date safe sharing," providing consumers a more complete fianancial experience.
3
Skill structure of safety standards
digiRunner's professional consultant team, assists in creating the skill structure that conforms with each countries Open Banking standards.
Skill structure of safety standards
digiRunner's professional consultant team, assists in creating the skill structure that conforms with each countries Open Banking standards.
Client
TSP affiliates
Bank
Bank or external examination
Non-encrypted HTTP
Encrypted HTTPS
agent Agent
1 Users initiate banking services
TSP verifies users
2 Process demonstration
picture A
3 Return authorization form bank
Sends Authorization Code to TSP
7.3 Results returned
Return used API resource
Third party dealer
TSP Server
Third party dealer
4 Demand saved authorization
Sends Authorization Code to bank portal
6 Authorization returned
Resends access_token
*Picks JWE token
7.1 Demand access of information
Uses Access_token
Make use of API resources
OAuth Server
OAuth Server
(Bank or APIM)
Resource
Server
APIM
5 External examination
Calls API external examination
7.2 Accessed resources
Access services provides by bank
Identity Sever
Identity Sever
(Supports third party or bank verification Sever)
Backstage system bank services
agent
圖A
Communicates throguh TSP app and Oauth server
User login
Login online bank
Online bank cancel agree
1. Core screen pops out (outer URL)
2. User enters ID/PWD
Level/service selection
Open features based on level
Online bank cancel agree
3. Verfication successful, obtains TSP Server (Client); can now use Group List
4. Jumps to page providing User the option to provide agreement authorization
Enter verification code
Bank returns authorization permit
Online bank cancel agree XXX
5.Obtain Authorization Code
When users authorize for TSP to process related bank information, no records of account username and password would be left behind or saved, rather only through user authorzation will related information be integrated.
How to select API managing platform?
When selecting a API managing platform, it not only raises the efficiency of enjoining APIs, it also greatly decreased internal personel's time in managing API. It's a indispensible helper in a time where both sides sare entering Open Banking. On the current market, API managing platforms all provide unification of interface formats and information encrypting features. Besides that, if platforms still provide graphical user interface, allowing anyone to learn how to operate immediately, it can save time in internal system familiraizaion and managment, also whether platforms can provide external cooperating partners the authorization to managing features, is also a hot top of consideration; in parts of identity verifaction and API authorization, what every coutry now reference is from Oauth2 standards to strenghten managment, therefore by selecting something that satisfies all ID verifcation methods and authorization standards of platforms can help financial setups and TSP save more time in developing related API.
API information security lock, API monitoring warning, API manage and authorization, API system integration
TPI digiRunner helps create strategies for API platforms, allowing banks to be more flexible.
TPI digiRunner helps create strategies for API platforms, allowing banks to be more flexible.
Strengthen information security protections
ID verification that complies with Oauth2 standards and API authorization mechanism, interface format unification, information encryaption.
1
Elasticity increases service
Adjusting elasticity based on needs and expaning API application provies banking and financial industries more flexibility in using financial information and publishing API.
2
TPI digiRunner helps create strategies for API platforms, allowing banks to be more flexible.
TPI digiRunner helps create strategies for API platforms, allowing banks to be more flexible.
Keeping the users close
Graphical interfaces that are user friendly provides complete API managing analysis report.
3
Service security stable
Platforms have flow rate controls, cancelation of repeating transaction such unique mechanisms, to nsure service security stability is uninterupted.
4
TPI digiRunner helps create strategies for API platforms, allowing banks to be more flexible.
Rich experienced examples
Native Taiwan manufacturers, riding on multiple years of service experiences, collecting industrial, law and science opinions, providing a complete API managing consulting experience.
5