Що пропонує Golden Dimension?

Ми глибоко переконані в тому, що знайдені нами шляхи вирішення проблем наших клієнтів є найкращими з огляду як на потреби кожного окремого клієнта, так і на існуючі пропозиції на ринку. Незалежно від поставленої задачі:  модернізація існуючої опції або розробка повністю нової бізнес-моделі – комплексні рішення і багаторівнева співпраця на етапі розробки і впровадження гарантують досягнення очікуваних результатів.

Multibanking

Multibanking

The Multibanking Service provides authenticated access to a users bank account. With validated online-banking credentials, the user can authorize an application to fetch transaction data, prepare and display it. Furthermore, it is possible to test the functionality of this project not only with real data, but also with mock data. The mock data can be set up by the user and acts just as real data.

Banking Gateway

Banking Gateway

The Banking Gateway offers Third Party Providers all common PSD2 Specifications like Berlin Group Open Banking and STET.Third Party Providers and their users can therefore use the Banking Gateway to query account information as well as to initiate payments.

The Banking Gateway handles all the XS2A authorization processes for transactions and consents. It provides the uniform interface for TPPs, such as personal finance services (for example account information and payment initiation services).

Datasafe

Datasafe

Datasafe – flexible and secure data storage and document sharing using cryptographic message syntax for data encryption.

Security of data is a major issue that needs to be addressed. For large commercial organizations, data security is not only an option, but needs to be provided by law. Losing sensitive data by hack attacks or even natural disasters or physical theft can have severe consequences for a company, possibly crippling the entire organization. Regarding the EU legislation of 2015, organizations can face a fine of up to 100 Million euro or 5% for your global turnover.

The framework helps users to securely manage user data on the top of a blob storage. Any type of file and any size can be stored on any server, shared and retrieved by the user.

Since the data is stored in encrypted form, it is protected from unauthorized access.

PSD2 Accelerator

PSD2 Accelerator

The PSD2 Accelerator is a sandbox environment that fully meets the PSD2 requirements for providing APIs for Third-Party Providers (TPP). Based on the Berlin Group’s NextGen PSD2 specification for access to accounts (XS2A), you meet the regulatory requirements without having to connect your systems.

Our solution is available as open source software, free of charge to operate in your own environment or from early 2019 also as SaaS solution via Cloud.

XS2A-Adapter

XS2A-Adapter

The XS2A Adapter is a service component for multi-banking applications. On the one hand, you can interact with the adapter through an own interface based on the Berlin Group specification. On the other hand, the adapter can communicate with different PSD2-interfaces from various banks in Germany and Europe. Our solution is open source and free of charge. It can easily be embedded in your application using either a Java or a REST client. With the help of a growing community, our adapter is kept up-to-date regarding the changes on the XS2A interfaces of the banks. Furthermore, as part of our product vision, a core team will be interacting with the community in order to keep connecting new banks to the adapter.

XS2A

What is the XS2A?

З моменту прийняття Європейською Радою Другої Платіжної Директиви (PSD2), постало питання щодо втілення усіх передбачених вимог. Головною ціллю стала розробка та використання інтерфейсу для доступу до рахунків клієнтів – Access to Account Interface або скорочено XS2A Interface.

Серед іншого PSD2 містить регуляцію нових сервісів, що надаватимуться третіми особами-постачальниками послуг (TPP – Third Party Payment Service Providers) від імені клієнта (PSU – Payment Service User). Ці нові сервіси включають в себе:

  • Сервіс проведення платежів (Payment initiation Service)
  • Сервіс з надання інформації по рахункам клієнта (Account Information Service)
  • Підтвердження наявності коштів на рахунку (Confirmation of the Availability of Funds Service).

Для надання нових фінансових послуг провайдери (далі по тексту TPP) повинні мати доступ до рахунків клієнтів (далі по тексту PSU), утримання та керування яких зазвичай здійснюється іншим учасником фінансового ринку – провайдером з надання платіжних послуг, тобто банком (Account Servicing Payment Service Provider – ASPSP).

Як бачимо з малюнку нижче, банк має надати інтерфейс (так званий PSD2 compliant Access to Account Interface або скорочено XS2A Interface), який TPP буде використовувати для необхідного доступу до рахунків, що регулюється Директивою PSD2.

Наша компанія ТОВ Голден Дайменшин разом з німецьким партнером adorsys.de, займається розробкою Open-Source продуктів, та має неоціненний досвід з впровадження та підтримки власного рішення XS2A інтерфейсу. Наразі вже 53 Європейські банки використовують наш XS2A interface, разом з пісочницею для тестування (Dynamic Sandbox), Коннектором (XS2A Connector) та Адаптером (XS2A Adapter) для інтеграції в свої робочі системи.

Це відкриває перспективи перед нашими партнерами та клієнтами мати відкриті інтерфейси, що відповідають Другій платіжній директиві (PSD2 compliant), а також першими отримувати передові рішення в розробці програмного забезпечення та постійну підтримку на будь-якому етапі впровадження.

 

Since the adoption by the European Council of the Second Payment Directive (PSD2), the question arose about the implementation in order to meet all of the requirements. The main goal was to develop and use Access to Account Interface or XS2A Interface for short.

 

Among other things, PSD2 includes the regulation of new services provided by Third Party Payment Service Providers (TPP) on behalf of the client (PSU-Payment Service User). These new services also include:

  • Payment Initiation Service
  • Account Information Service
  • Confirmation of Availability of Funds Service.

To provide new financial services, providers (hereinafter referred to as TPP) should have access to client accounts (hereinafter referred to as PSUs), maintenance and management, usually performed by another financial market participant, the Payment Service Provider, the Bank (Account Servicing Payment Service Provider – ASPSP)

As we see from the figure below, the bank must provide an interface (called PSD2 compliant Access to Account Interface or XS2A Interface for short) that TPP will use for the required access to accounts, regulated by the PSD2 Directive.

LLC Golden Dimension together with our German partner adorsys.de, develop Open-Source products, and has priceless experience in implementing and maintaining its own XS2A interface solution. Currently, 53 European banks are using our XS2A interface, along with a testing sandbox (Dynamic Sandbox), Connector (XS2A Connector) and Adapter (XS2A Adapter) for integration into their operating systems.

This opens up prospects for our partners and clients to have open interfaces that comply with the Second Payment Order (PSD2 compliant), and are the first to get advanced software development solutions and ongoing support at any stage of the implementation.

XS2ASandbox

XS2ASandbox by adorsys GmbH & Co. KG and LLC Golden Dimension

The Payment Service Directive 2 (PSD2) instructs banks (those who play role of Account Servicing Payment Service Providers or ASPSPs) to provide a fully productive Access-to-Account (XS2A) interface to Third Party Providers (TPPs) until September 2019. XS2A itself consists of banking services to initiate payments (PIS), request account information (i.e. art of account, balances or transactions) (AIS) and get the confirmation of the availability of funds (PIIS). In order to guarantee the compliance to this deadline due to adaptations and bugs, PSD2 forces the banks to provide a functional dynamic sandbox offering the same XS2A interface in a non-productive environment 3 months upfront (this time – until 14-th of June 2019).

Understanding the importance to banks of implementing this roadmap, adorsys GmbH & Co. KG, together with LLC Golden Dimension, released open sourced (published under Apache license) version of XS2A Service (https://github.com/adorsys/xs2a) and corresponding Sandbox (https://github.com/adorsys/XS2A-Sandbox) that fully meets PSD2 requirements.

What is the adorsys XS2ASandbox? It’s a dynamic sandbox environment that fully meets the PSD2 requirements for providing APIs to Third-Party Providers (TPP). Based on the Berlin Group’s NextGenPSD2 specification for access to accounts (XS2A) interface, XS2ASandbox meets all the regulatory requirements.. XS2ASandbox is open Source out-of-the-box solution, that can be installed in one click and run with one command. As a full member of NISP (NextGenPSD2 Implementation Support Program – https://nisp.online) we provide a NISP compliant solution. This also proves that this solution Is also PSD2 compliant.

Our XS2ASandbox is available by this link: https://github.com/adorsys/XS2A-Sandbox

For whom is it useful? Banks to be PSD2 compliant and TTP to be able to test the interaction of their own products with Banks interfaces that correspond to the Berlin Group’s NextGenPSD2 implementation guideline. This means – 75% of Banks in EU.

What is inside?

XS2ASandbox is a dynamic sandbox environment: you can create users, payments and consents, play with data for testing purposes, simulating the transactions and access to accounts.

XS2ASandbox contains all modules a bank needs to be PSD2 and NISP compliant:

–      Developer portal with detailed manuals to get started and work with the Sandbox.

–      XS2A Interface,

–      Real clearing emulation (Ledgers)

–      TPP-UI for managing accounts and users

–      Online banking UI for testing,

–      Test Trust Certificate Provider

Developer portal

Developer portal is a complete guide on how to run and use XS2ASandbox.

It has information on how to get started, how to test services with typical testing flows, answers to frequently asked questions and main information about the product.

XS2A Interface

  • XS2A-Service is an implementation of NextGenPSD2 XS2A Specification of Berlin Group. All mandatory API endpoints defined in Berlin Group specification are implemented.
  • Consent Management System is the system intended to store and manage consents given by PSU to corresponding TPPs.
  • ASPSP-Profile is a module to store and read ASPSP-specific settings. Can be simply configured in XS2ASandbox.
  • XS2ASandbox always uses the latest version of XS2A Interface, CMS and ASPSP-profile (now 3.x). This means that you can use XS2A components for your real productive solution and have the Sandbox for this solution automatically.

Ledgers

·      You can execute a transaction, payment or consent, create user and accounts.

·      All payment types we have in xs2a are supported (single, periodic, future dated, bulk).

·      Payment execution is supported. Scheduler for payment execution can be configured and customized.

·      Payment cancellation is supported.

·      Special access for TPP to manage accounts and users.

TPP-UI

  • TPP registration.
  • TPP Certificate Service for testing.
  • User interface to manage accounts and users.
  • Test data can be uploaded in .yaml file.
  • Test data can be generated in TPP-UI:

·      Predefined .yaml file for tests is based on NISP documentation.

·      35 users and 51 accounts are created for TPP.

Online Banking

Online banking is a user interface, which helps users to provide a consent or a payment confirmation directly to a bank. Online banking is accessible via links from XS2A Interface responses.

How to use XS2ASandbox

Step 1. Read «Getting started» manual

Step 2. Download, install and run XS2ASandbox

Step 3. Read «Testing flows» and start testing!

With dynamic sandbox TPP UI you can access banking API directly, get TPP certificate and manage testing accounts. The developer portal contains testing instructions and all needed test-cases. All XS2ASandbox services can be installed and run in one simple command. Two main SCA approaches are supported: REDIRECT and EMBEDDED. For redirect approach online banking demo UI can be used.

DEMO environment

We provide a public XS2ASandbox environment, where everyone can play with the described above functionality:

Developer portal:

https://demo-dynamicsandbox-developerportalui.cloud.adorsys.de/

XS2A interface

https://demo-dynamicsandbox-xs2a.cloud.adorsys.de/

Ledgers

https://demo-dynamicsandbox-ledgers.cloud.adorsys.de/

TPP-UI:

https://demo-dynamicsandbox-tppui.cloud.adorsys.de/login

Scope of integration project for ASPSPs

Only few steps needed to integrate XS2ASandbox to ASPSP:

·      Install of test root certificate.

·      Provide SSL-connection termination at the Gateway that checks the certificate.

·      Adjust styling for all UIs (TPP UI, Developer portal and Online Banking).

·      Make adjustments for manuals in developer portal.

·      Make adjustments for ASPSP-profile and test examples.

Adorsys and Golden Dimension are ready to provide you such services to make your ASPSP solution PSD2 compliant.

Scope of integration project for TPPs

  • Install a gateway to banking interface. Here also our XS2A Gateway product (https://github.com/adorsys/xs2a-gateway) could help you.
  • Install Dynamic Sandbox in your environment
  • Start testing your own solution with the Sandbox.
  • Install a solution for GDPR compliant storage of personal information that you will get via XS2A Interface. Here our product DataSafe (https://github.com/adorsys/datasafe) could help you.

Need more information?

LLC Golden Dimension and adorsys GmbH & Co. KG have an impressive experience in PSD2 requirements . We  are proud that 53 Banks are already using XS2A interface. We can help others to be PSD2 complaint too. Just contact us 😉

Qwac Assessor

Qwac Assessor

Software solution that makes authorization and authentification to TPP based on his certificate offline. In accordance with the EU PSD2 Directive, registered Third Party Providers (TPPs) are authorized to access customer bank accounts as well as execute payments. The regulatory standards require processing of transactions via secure channels, in order to protect data in terms of authenticity and confidentiality.

In order to meet the PSD2 security requirements, banks and TPPS Account Information Service Providers, use qualified QWAC certificates and electronic seals. These serve as authentication for authorized access to sensitive customer data.

The provision of a public interface requires banks to check every request from a Third Party Provider from the outset, in order to protect the information of their customers. However, identity and authorization are confirmed by different entities. Therefore, there is the risk that a bank may well have identified the Third Party Provider correctly, but that TPP’s authorisation for certain services is no longer valid.

Therefore, any request from a Third Party Provider requires a two-part check to prevent the following dangers:

• Unauthorized access, and as a result disclosure of sensitive information
• Unauthorized initiation of payments

The validity of the certificates is subject to constant changes and adjustments, which have to be updated daily in your system. The Qwac Assessor can be run as a standalone web service or it can be integrated into an API gateway.