Your Comprehensive Glossary for Financial Innovation

Let’s unlock the world of Open Banking

AISP stands for Account Information Service Provider. Under regulations like the Revised Payment Services Directive (PSD2) in the European Union, AISPs are third-party providers that offer services to aggregate and consolidate financial information from different banks or financial institutions into a single interface or application.


An application programming interface is a way for two or more computer programs or components to communicate with each other. It is a type of software interface, offering a service to other pieces of software.

Challenger bank

A challenger bank is a type of financial institution that competes with traditional banks, typically offering innovative products, services, and technology-driven solutions. These banks often challenge the status quo of the banking industry by providing a more customer-centric approach, lower fees, better user experiences, and advanced digital capabilities.


The Client Initiated Backchannel Authentication (CIBA) defines a protocol to support initiating authentication without user interaction from a Consumer Device.

Consent management

In the context of Open Banking, consent management refers to the process of obtaining and managing customer consent for the sharing of their financial data with third-party providers (TPPs). Consent is a fundamental principle of Open Banking, as it ensures that customers have control over their data and can choose which third parties can access it.

Cyber Essentials

The Cyber Essentials certification badge signals to customers, investors and those in the supply chain that an organisation has put the Government-approved minimum level of cyber security in place and can be trusted with their data and business.

Data aggregation

Data aggregation refers to the process of collecting, combining, and summarizing data from multiple sources into a single coherent dataset or repository. It involves gathering raw data from various disparate sources, such as databases, files, applications, or external APIs, and transforming it into a unified format for analysis, reporting, or other purposes.


Decentralized Finance, often abbreviated as DeFi, refers to a financial system built on blockchain technology that aims to recreate traditional financial services in a decentralized manner, without the need for intermediaries such as banks or brokers.


Identity and Access Management (IAM) is a service that helps you securely control access to AWS resources.

Financial inclusion

Financial inclusion refers to the accessibility and availability of financial services and products to all individuals and businesses, especially those who are traditionally underserved or excluded from the mainstream financial system.


KYC stands for “Know Your Customer.” It is a process that financial institutions and other regulated entities use to verify the identity of their customers and assess their suitability for certain products or services. KYC procedures are designed to prevent financial crimes such as money laundering, terrorist financing, and fraud by ensuring that businesses have accurate and up-to-date information about their customers.


OAuth 2.0 is an authorization protocol and is designed primarily as a means of granting access to a set of resources.

Open banking

Open banking allows trusted third parties to access financial information from banks and other financial institutions, but only with the customer's explicit consent. This gives customers more control over their data so it can be used securely to help them move, manage and get more out of their money in a simple way.

Open banking ecosystem

The term “Open Banking Ecosystem” refers to a network of interconnected financial institutions, third-party providers (TPPs), developers, regulators, and consumers that collaborate within an open and standardized framework for the sharing of financial data and the provision of financial services.

Open finance

Open finance aims to create a more interconnected and accessible financial ecosystem by facilitating the exchange of data and services among various financial institutions, fintech companies, and other third-party providers. This includes not only banking data but also data related to investments, insurance, lending, payments, and more.


OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation.


PISP stands for “Payment Initiation Service Provider.” It is a type of third-party provider (TPP) regulated under the Payment Services Directive 2 (PSD2) in the European Union. PISPs offer services that enable customers to initiate online payments directly from their bank accounts without the need for a credit or debit card.


PSD2 is the revised Payment Services Directive. It is a European Union directive that aims to regulate payment services and promote competition, innovation, and security in the European payments market. PSD2 was adopted by the European Parliament in 2015 and became applicable in EU member states in January 2018.


A person or body that supervises a particular industry or business activity.


RegTech, short for Regulatory Technology, refers to the use of technology, particularly software solutions, to help companies comply with regulatory requirements more efficiently and effectively. It encompasses a variety of tools and platforms designed to streamline regulatory processes, automate compliance tasks, and manage regulatory risks.


A REST API (also known as RESTful API) is an application programming interface that conforms to the constraints of REST architecture.


SaaS stands for “Software as a Service.” It refers to a software delivery model where software is hosted centrally on the cloud and made available to users over the internet. With SaaS, users can access the software through a web browser without needing to install or maintain it on their local devices.


SCA stands for “Strong Customer Authentication.” It is a regulatory requirement introduced under the Revised Payment Services Directive (PSD2) in the European Union. SCA mandates that customers must undergo multi-factor authentication when initiating electronic payment transactions or accessing their payment accounts online.

Screen scraping

Screen scraping is a technique used to extract data from the display output of another program, typically a website or a software application. It involves programmatically accessing and capturing the visual information displayed on a screen and then parsing and processing it to extract the desired data.

In the context of banking and finance, screen scraping has been historically used by third-party financial apps and services to access account information from online banking websites or mobile banking apps. These applications mimic human behavior by simulating keystrokes, mouse clicks, and data extraction from the user interface of the banking platform.

SIT tests

System Integration Testing – System integration testing involves the overall testing of a complete system of many subsystem components or elements. The system under test may be composed of electromechanical or computer hardware, or software, or hardware with embedded software, or hardware/software with human-in-the-loop testing.


SOC 2 stands for Service Organization Control 2. It is a framework for assessing and reporting on the controls relevant to security, availability, processing integrity, confidentiality, and privacy of a service organization’s systems and data.

Standards compliant

The practice of adhering strictly to published standards.


TPP stands for “Third-Party Provider.” In various contexts, such as finance or technology, a TPP refers to a third-party service provider that offers services or solutions to customers or businesses. These services could range from financial services like payment initiation or account information retrieval in the context of Open Banking, to technology services such as cloud computing, software development, or consulting.

UAT tests

User Acceptance Testing – User Acceptance Testing (UAT), or application testing, is the final stage of any software development or change request lifecycle before go-live.

Yarn audit

A yarn audit checks a project's installed packages for known security issues.