Account data sharing for a better customer experience
Account Information Services are a key part of open banking and PSD2. PSD2 is the EU's revised Payments Services Directive. It says that banks have to share account dataof account holders with regulated Account Information Service Providers (AISPs), provided that the account holders have given their specific consent. PSD2 also sets clear rules for these AISPs to ensure the security of the account holders.
The APIs of the account holding bank make it possible to share account data with AISPs. Firstly, the AISP presents a consent flow to the account holder in the KBC environment in order to get his or her consent to use the AIS. After that, the AISP can use the AIS API to plug the account holder's data into the third-party provider’s platforms. The result is a far better customer experience.
Who uses AIS?
The users of AIS APIs are developers of:
Regulated, licensed third-party providers
Account Information Service Providers (AISPs)
Particularly, the AIS APIs allow AISPs to build their own services or products based on the data the customer has shared with them.
How does this solution work?
Overall, the first step is the AISP's registration process with KBC. This then gives access to the AIS APIs.
To begin with, the user states that he or she wants to share his or her account data.
Secondly, the AISP leads the user to the KBC environment. There the user can explicitly give his or her consent for one or more specific account(s).
Thirdly, if the consent is successful, the user is redirected to the AISP.
The AISP can then call KBC to retrieve the data. KBC will only share data from a 90-day period prior to the consent date. After that, the AISP can repeat this action 4 times a day for 90 days. After 90 days, the user needs to reconfirm his or her consent. In that case, it is necessary to repeat steps 1 to 4.
It must be remembered that developers have to gain accreditation as third-party providers from the National Bank of Belgium. They also need to have a valid eIDAS certificate under PSD2, or prove that they have applied for one.
Before using the Account Information Service API, the developer has to deploy the Consent API to gain the end customer’s consent in the KBC environment.