Architecture

WSO2 Open Banking supports a technology stack that banks need in order to become PSD2 compliant and digitally transformed. It leverages five key technology areas critical to a banking infrastructure—API Management, Identity and Access Management, Integration, Analytics and Business Insights, and Fraud Detection bundled together to form a componentized architecture. This offers the flexibility to reuse the existing infrastructure so that the banks only need to obtain the components that are not available in their current infrastructure. 

Let's learn more about each of these technology areas. 

API Management

The WSO2 Open Banking API management component enables securely exposing data to third parties via APIs. This enables banks to grant third-party providers (TPPs) with access to customers' account data and the ability to initiate payments with the customers' consent.  The API design time supports comprehensive API management capabilities that enable designing and documenting APIs in compliance with popular open banking specifications as well as custom templates. It supports a fully-fledged API lifecycle management functionality along with version management. API publishers can publish APIs as prototypes in the developer portal. API consumers can invoke prototype APIs without subscribing to them and provide feedback. After incorporating the consumer feedback the APIs can be published to the developer portal. Once TPP onboarding is completed, API consumers can subscribe to published APIs and use them in their banking applications. Token validation, scope validation, and fine-grained access control ensure API security that prevents unauthorized API calls. 

Identity and Access Management

The WSO2 Open Banking identity and access management component enables comprehensive security mechanisms to prevent unauthorized access to APIs and secured data. The strong customer authentication (SCA) module enables banks to authenticate the customers who are requesting to access account data via an AISP and the customers who are requesting to initiate a credit transfer via a PISP.  Once authenticated, the user consent management module facilitates banks to obtain the customers' consent to proceed with the initiation request. In order to improve the user experience and reduce the friction between the bank and the customer/PSU, the transaction risk analysis (TRA) module identifies the scenarios where SCA is necessary and feeds that information to the adaptive authentication module. The adaptive authentication module thereby adjusts the authentication strength and enforces SCA only when it is necessary.

Integration

The WSO2 Open Banking integration component provides required integration points to integrate with core banking systems, banking applications, and any other required third-party systems including legacy systems.

Analytics and Business Insights

The WSO2 Open Banking analytics and business insights component enables monitoring and recording of API-level usage activity to ensure that the API owners have full awareness of the APIs, applications, and the subscriptions. It also supports business KPI dashboards with business intelligence and insights on usage trends as well as custom business insights on the account and payment flows. The decision makers of banks can use these statistics to align the business to better suit the customer needs and ultimately increase profits.  The configurable alerting module enables informing the necessary parties of abnormal behavior, e.g., API failures, a sudden increase in the response time of APIs, and a change in the API resource access pattern.

Fraud Detection

The WSO2 Open Banking fraud detection component enables banks to detect known anomalies, unknown anomalies, and anomalous event sequences by carefully monitoring the API calls related to account and payment initiations. The fraud scoring system enables the reduction of false positives. The module also supports analysis and further investigations by identifying complex relationships between the associated entities.