Your Open banking or PSD2 interface goes live, and then? Then there is WTSS!
Over time we noticed that banks find it difficult to measure the real uptime of their websites and PSD2 API interfaces. The PSD2 articles are clear and make no exceptions; these figures must be up-to-date and communicated to the competent authority.
There are several articles in the RTS relevant for Competent Authorities and interface owners; we focus on four of them, and for each we have defined items that can be inspected, measured and reported to the project, management and the Competent Authorities.
Article 30; defines functionality
This article defines that both test and production instances are available and that the interface is secure. In addition, the interface must support AIS and PIS functionality, must have a working fallback option and must follow a commonly accepted granting flow.
Article 31; defines dedication for test and production
Article 32; Performance
In this article, it becomes more complicated. What is performance? What is available? What does the RTS mean by “Those interfaces, indicators and targets shall be monitored by the competent authorities and stress-tested.”?
For WTSS it starts with defining that reachable does not mean available!
In other words, you should focus on the real customer journey. For WTSS, this implies for websites: can the user log in, does the user see a correct balance and can the user create an order? Only if all of these questions can be answered positively is the customer journey a success. For APIs we decided to go one step further! Not only do we measure the AIS and PIS steps, we have also found ways to incorporate the complete consent journey.
Due to this unique approach, we can start on any device (either mobile application or website) and begin a consent journey. The journey can also include authentication tokens that we will automate. Next, once the consent is given, we request the transaction data from the AIS interface or initiate transactions via the PIS interface. For each successful transaction, we can even start monitoring the End-to-End flow. End-to-End flow monitoring is not limited to book-to-book transactions only; with our large account footprint, we can measure between multiple banks. When running these customer journeys every couple of minutes, you have enough samples to prove to a competent authority that your interface is working.
Article 33; Fallback
When your interface is monitored by WTSS, we can determine whether there is an “incident indication for unplanned unavailability or systems breakdown based upon the five consecutive sessions with a maximum timeout of 30 seconds.” We can of course also identify the availability and working of a fallback channel!
But wait, there is more!
Not only do we help you with the above articles, our solutions also give full insight into the integration of the API and allow your data to be used during verifications. The verifications can efficiently be executed by yourself! We added an entirely new segment to our existing portal to protect third-party information. Utilizing our YAPI App, you can even switch on FULL encryption to safeguard your data.
WTSS delivers the verification services together with banks and Competent Authorities; please join the discussions on how PSD2 needs to evolve!
As printed in the EBDay2018 newsletter