PSD2 & BankingSDK
Frequently Asked Questions
Why should I use BankingSDK instead of an aggregator?
Using an aggregator adds a 3rd party in the flow between you and the bank. In the long-term this is a technical, security and strategic error.
- Technically, if there is a workaround, adding an intermediary in a communication flow is just a nonsense: you had new point of failure, you add latency and you increase risks as the 3rd party is a concentration point where hackers will play.
- Strategically, aggregators are concentration point which means they are getting data from all their customers' users (PSU). Given the fact those aggregators are also developing apps and running AI algorythms on the data, you give them a competitive advantage.
- Security because you give the aggregator the rights to act in your name using your certificates. Each action performed by the aggregator towards a bank is done in your name.
Which are the different versions of your SDK?
Our SDK is delivered in two releases, one in Java 8 and one in .Net Standard.
What's done by the SDK?
BankingSDK's job is to connect you application (mobile, web or backend) directly to the banks' APIs.
We did the logic you could find in aggregator and we deliver you that logic into the SDK.
That way, there is no 3rd party company between you and the banks.
What do we need to use the SDK?
Well, of course the library, but you'll also need eIDAS certificates.
If your company is a registred TPP (Third Party Provider), you should be able to obtain those QWAC and QSEAL certificates from one of the authorized certification authorities.
Once you have the certificates, you'll be able to configure properly the SDK and connect directly to the banks.
Do we need to contact and contract with all banks?
No. Sending the certificates to the banks at the connection time allows the bank to indentify you as a TPP.