From Walled Gardens to Open Ecosystems
For decades, a consumer’s financial data—transaction history, account balances, credit behavior—was locked inside their bank’s proprietary systems. Banks treated this data as a competitive moat, refusing to share it with third-party services that could offer better lending rates, budgeting tools, or investment advice.
Open banking regulations have shattered this model. The EU’s PSD2, the UK’s Open Banking Implementation Entity, and Australia’s Consumer Data Right all mandate that banks expose customer data through standardized APIs, with the customer’s explicit consent. This transforms financial data from a private asset of the bank into a portable asset of the consumer.
The Technology Behind Open Banking
Open banking APIs are built on a stack of modern web standards:
- OAuth 2.0 and OpenID Connect for authentication and consent management
- RESTful JSON APIs for data access with standardized schemas
- Mutual TLS for secure machine-to-machine communication
- FAPI (Financial-grade API) security profiles for enhanced protection
The result is a secure, consent-based data-sharing framework where consumers can connect their bank accounts to budgeting apps, lending platforms, and investment advisors without sharing passwords or scraping screens.
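How the standards listed above combine at the bank's API, shown as an added example (not from the original article or any bank's code): a resource-server check that an OAuth 2.0 access token is bound to the client certificate presented over mutual TLS, using the `cnf` / `x5t#S256` confirmation claim defined in RFC 8705. The function names, the `accounts` scope, the claim values, and the certificate bytes are assumptions constructed for illustration, and the token's signature is assumed to have been verified already.

```python
import base64
import hashlib
import hmac
import time


def cert_thumbprint(der_cert):
    """x5t#S256 value: base64url(SHA-256(DER certificate)), padding stripped."""
    digest = hashlib.sha256(der_cert).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_bound_token(claims, presented_cert_der, required_scope, now=None):
    """Return (allowed, reason) for an already signature-verified token.

    presented_cert_der is the client certificate from the mutual TLS handshake.
    """
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    # The scope string records what the customer consented to share.
    if required_scope not in str(claims.get("scope", "")).split():
        return False, "consent does not cover this scope"
    cnf = claims.get("cnf")
    bound = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(bound, str):
        return False, "token is not certificate-bound"
    # Constant-time comparison of the bound and presented thumbprints.
    presented = cert_thumbprint(presented_cert_der)
    if not hmac.compare_digest(bound.encode(), presented.encode()):
        return False, "certificate does not match token binding"
    return True, "ok"


# Constructed sample data: stand-in bytes, not real DER certificates.
TPP_CERT = b"constructed-der-bytes-budgeting-app"
OTHER_CERT = b"constructed-der-bytes-other-client"
NOW = 1_700_000_000  # fixed clock so the example is deterministic
CLAIMS = {
    "sub": "customer-123",
    "scope": "accounts",
    "exp": NOW + 300,
    "cnf": {"x5t#S256": cert_thumbprint(TPP_CERT)},
}

if __name__ == "__main__":
    print(check_bound_token(CLAIMS, TPP_CERT, "accounts", NOW))
    print(check_bound_token(CLAIMS, OTHER_CERT, "accounts", NOW))
    print(check_bound_token(CLAIMS, TPP_CERT, "payments", NOW))
```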
The Next Frontier: PSD3 and Variable Recurring Payments
PSD3, expected to take effect in 2026, will introduce Variable Recurring Payments (VRP) as a mandated capability. This allows third-party providers to initiate recurring payments directly from a consumer’s bank account—bypassing card networks entirely. The implications for subscription businesses, bill payments, and merchant acquiring are profound.