This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.

Architecture

WSO2 Open Banking has the technology stack that banks need to digitally transform and become regulatory compliant with the Payment Services Directive 2 (PSD2) and the Consumer Data Right (CDR). It leverages five key technology areas critical to a banking infrastructure (API Management, Identity and Access Management, Transaction Risk Analysis, Fraud Detection, and Integration), bundled together to form a componentized architecture. This gives banks the flexibility to reuse existing infrastructure, so they only need to obtain the components that are not available in their current infrastructure.

Let's learn more about each of these technology areas. 

API Management

The WSO2 Open Banking API management component allows banks to securely expose data to third parties via APIs. This enables banks to grant third-party providers (TPPs) access to customers' account data and the ability to initiate payments with the customers' consent. The API design time supports comprehensive API management capabilities that enable designing and documenting APIs in compliance with popular open banking specifications as well as custom templates. It supports fully-fledged API lifecycle management along with version management. API publishers can publish APIs as prototypes in the developer portal. API consumers can invoke prototype APIs without subscribing to them and provide feedback. After incorporating the consumer feedback, the APIs can be published to the developer portal. Once TPP onboarding is completed, API consumers can subscribe to published APIs and use them in their banking applications. Token validation, scope validation, and fine-grained access control secure the APIs by preventing unauthorized API calls.

Identity and Access Management

The WSO2 Open Banking identity and access management component provides comprehensive security mechanisms to prevent unauthorized access to APIs and secured data. The Strong Customer Authentication (SCA) module enables banks to authenticate customers who request access to account data via an Account Information Service Provider (AISP) and customers who request to initiate a credit transfer via a Payment Initiation Service Provider (PISP). Once the customer is authenticated, the user consent management module helps banks obtain the customer's consent to proceed with the initiation request. To improve the user experience and reduce friction between the bank and the customer, also called the Payment Service User (PSU), the Transaction Risk Analysis (TRA) module identifies the scenarios where SCA is necessary and feeds that information to the adaptive authentication module. The adaptive authentication module then adjusts the authentication strength and enforces SCA only when it is necessary.

Analytics 

The WSO2 Open Banking Business Intelligence component monitors and records API-level usage activity so that API owners have full awareness of the APIs, applications, and subscriptions. It also supports business KPI dashboards with business intelligence and insights on usage trends, as well as custom business insights on the account and payment flows. Decision makers at banks can use these statistics to align the business to better suit customer needs and ultimately increase profits. The configurable alerting module notifies the necessary parties of abnormal behaviour, e.g., API failures, a sudden increase in the response time of APIs, and a change in the API resource access pattern.

Transaction Risk Analysis

Transaction Risk Analysis is a method that observes the counterparties and attributes involved in a particular transaction in order to prevent, detect, and block possible fraudulent behaviour. PSD2 has additional requirements for minimizing the threat of fraudulent actions, which have been on the rise with the advent of new technology. To maintain the balance between user experience and Strong Customer Authentication, some additional measures have been introduced via real-time Transaction Risk Analysis and Fraud Detection during authorization. State-of-the-art identity and access management capabilities such as adaptive authentication have made this process easy by enabling the system to adapt to changing fraud behaviours.

Fraud Detection

The WSO2 Open Banking Fraud Detection feature enables banks to detect known anomalies, unknown anomalies, and anomalous event sequences by carefully monitoring the API calls related to account and payment initiations. The fraud scoring system enables the reduction of false positives. The module also supports analysis and further investigations by identifying complex relationships between the associated entities.

Integration

The WSO2 Enterprise Integrator provides the integration points required to connect with core banking systems, banking applications, and any other required third-party systems, including legacy systems.