
Banking today is an ever-growing sector. Open Banking has been a requirement for banks since January 2018. What is this really about?

PSD2 and Open Banking 

In recent years, the banking industry has been facing the emergence of new digital entrants: these include "fintechs" (financial technology) and GAFAs (Google, Amazon, Facebook and Apple).

This change in the banking sector is taking place within a new legal context, that of the second Payment Services Directive (PSD2). It came into force on 13 January 2018 in Europe and paves the way for Open Banking: a strategy to encourage banks to open up their information systems to stimulate competition and innovation in the sector. 

One of the aspects of PSD2 therefore relates to the opening of the market to new payment providers. This involves giving them access to payment account information via secure communication channels: APIs. 

It is important to define what an API is. An Application Programming Interface (API) is a structured way to expose internal services or data to third-party applications. We speak of an Open API when the APIs are exposed to third parties outside the organisation: TPPs.

Figure 1 provides a schematic representation of how Open APIs serve as an interface between third-party payment providers (TPPs) and banks (ASPSPs): 

Figure 1: API-based interfacing architecture for Open Banking (source: Galitt and DS Avocats’ White Paper - Open Banking)

Services available to TPPs 

A TPP is a third-party service provider that can offer the following three services under PSD2: 

  • A payment initiation service (PISP: Payment Initiation Service Provider) initiates a payment order at the request of a user from a payment account held with a bank (ASPSP[1]: Account Servicing Payment Service Provider); 
  • An account information service (AISP: Account Information Service Provider) aggregates information about one or more payment accounts held by a user with one or more other banks (ASPSP);
  • A card-based payment instrument issuing service (CBPII: Card-based Payment Instrument Issuer) is used to check the availability of funds in a customer's current account in real time.

[1] An ASPSP is a financial institution (usually a bank, a fintech, etc.) where a user has a payment account and from which the user can initiate a payment. An ASPSP must hold a payment institution (PI) licence.

The opening of the market to these three new payment services therefore opens the possibility for a third party (TPP) to act as an intermediary between a user and a bank (ASPSP). 

The diagram (Figure 2) shows how a payment initiation service (PISP) works under PSD2.

Figure 2: Planned functioning of a PISP according to PSD2 (source: Galitt and DS Avocats’ White Paper - Open Banking) 

This situation (Figure 2) is likely to arise in the case of a payment on an e-commerce site. At the time of payment, customers will be able to choose to use a PISP (e.g. Lydia) alongside the traditional methods (Debit Card/Visa/Mastercard). If the customer chooses this method, he/she must first authorise the PISP to access his/her account. To do this, they simply need to authenticate themselves with their bank. 

At LCL, with the PSD2-Chantier3 Project (SNI/BPI), we are working on the design of these dedicated interfaces (PSD2 APIs) so that third-party payment providers (TPPs) can deliver their aggregation or payment initiation services.

In order to comply with this regulation, we must therefore offer authorised Third-Party Payment Providers (TPPs) access to the payment accounts of our joint customers.

This access is made in a secure way, as the PSD2 also lays down that TPPs must: 

  • Be approved by a National Competent Authority (NCA), a national supervisory body (e.g. the ACPR in France or the CSSF in Luxembourg); 
  • Use two eIDAS certificates to establish connections to the APIs (QWAC certificate) and sign their requests (QSEAL certificate). 
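
A sketch of how an API gateway could apply these two requirements to one incoming call, as an added example that is not LCL's code. The role names and the `organizationIdentifier` layout are those of ETSI TS 119 495, which goes beyond what this article states; the `admit` function, the dictionary fields and the rule that both certificates must name the same TPP are assumptions of the example.

```python
import re

# PSD2 role each API requires; role names are those of ETSI TS 119 495.
ROLE_FOR_API = {"AISP": "PSP_AI", "PISP": "PSP_PI", "CBPII": "PSP_IC"}

# organizationIdentifier layout from ETSI TS 119 495:
# "PSD" + country code + "-" + NCA identifier + "-" + PSP authorisation number.
ORG_ID = re.compile(r"PSD(?P<country>[A-Z]{2})-(?P<nca>[A-Z]{2,8})-(?P<psp>.+)")


def admit(api, qwac, qseal, signature_ok):
    """Decide whether one TPP call may proceed; returns (allowed, reason).

    qwac / qseal are dicts of fields already extracted from certificates whose
    chain and revocation status were validated upstream (assumption).
    signature_ok is the result of verifying the request signature with the
    QSEAL public key (assumption: done by the caller).
    """
    required = ROLE_FOR_API.get(api)
    if required is None:
        return False, "unknown API"
    if qwac.get("type") != "QWAC" or qseal.get("type") != "QSEAL":
        return False, "wrong certificate type for channel or signature"
    ids = []
    for cert in (qwac, qseal):
        m = ORG_ID.fullmatch(cert.get("organization_identifier", ""))
        if m is None:
            return False, f"{cert['type']}: no PSD2 authorisation number"
        ids.append(m.group(0))
    if ids[0] != ids[1]:
        return False, "QWAC and QSEAL identify different TPPs"
    if required not in qwac.get("roles", ()) or required not in qseal.get("roles", ()):
        return False, f"TPP is not authorised as {required}"
    if not signature_ok:
        return False, "request signature does not verify"
    return True, "ok"


# Constructed sample certificates (not real TPP data).
QWAC = {"type": "QWAC", "organization_identifier": "PSDFR-ACPR-00000",
        "roles": {"PSP_AI"}}
QSEAL = {"type": "QSEAL", "organization_identifier": "PSDFR-ACPR-00000",
         "roles": {"PSP_AI"}}

if __name__ == "__main__":
    for api in ("AISP", "PISP"):
        print(api, admit(api, QWAC, QSEAL, True))
```

A TPP whose certificates carry only the account-information role is admitted to the AISP API and refused on the PISP API, even though its TLS connection and signature are both valid.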

Three DSP2 APIs are currently in production at LCL:

  • API Set-Up: allows a TPP to register to use our AISP and PISP APIs 
  • API AISP - Private & Business: allows a TPP to aggregate LCL accounts for the RETAIL CLI/CLA market 
  • API PISP - Private & Business: allows a TPP to initiate transfers for the RETAIL CLI/CLA market 

More than twenty TPPs have already integrated our LCL DSP2 APIs, including Linxo and Bankin' (the main French TPPs), Sofort/Klarna (Germany) and Tink (Sweden). 

We still plan to release three new APIs: 

  • AISP - Business & Corporate (development completed and in the process of functional validation - production launch planned for end Q1 2022): will allow a TPP to aggregate LCL accounts for the PRO and ENT markets.
  • PISP - Business & Corporate (in the design phase): will allow a TPP to initiate transfers for the PRO and ENT market. 
  • CBPII: will enable a TPP to check the availability of funds in an LCL customer's current account in real time. 

Below is the link to our API store. This is where we publish all the technical documentation (swaggers) needed by TPPs to integrate our APIs:

https://developer.lcl.fr/

For more information on the subject, please contact Samir Gomri (SNI/BPI) 
