IT Smart Systems officially launches the public beta version of Smart Payment Gateway – SmartPG. One of the most performant PSD2 Integration Hub in the country, SmartPG is designed to facilitate consumers’ access (regulated third-party providers, or TPPs) to the banks exposed APIs in a simple, secure, unified, and aggregated manner. The hub facilitates the contribution of fintechs with innovative ideas to the creation of an easy context of integration in the PSD2 space.
The company invites all those interested in accessing the Hub’s portal and feedbacking the experience.
“Smart Payment Gateway provides upgraded and highly secure solutions compared to the traditional banking system as it impacts not only the financial institutions but also the end consumer in a positive manner. The Hub’s portal is open for both fintech start-ups and financial institutions to accelerate innovation and lower the entry barrier into PSD2 space”, states Cristian Barbu, Managing Partner of IT Smart Systems.
SmartPG – the innovative PSD2 orchestrator in Romania
From the implementation point of view, the Romanian banks follow the Berlin Group Standards and Regulations; nonetheless, there are still significant disparities.
Smart Payment Gateway has integrated and normalized access to the most important banks in Romania (such as BRD, BT, BCR, and ING in the first phase, followed by CEC Bank, Raiffeisen), and Revolut.
The Hub is compliant with Berlin Group Standards and Regulations, it is technology agnostic (can be integrated with any Platform, as it is API based), and innovates by providing:
- unified and secured access to PSD2 interfaces via a single API entry-point,
- elastic workload and enhanced resilience by the use of IBM Cloud API Connect,
- secure storage of secrets and client certificates using FIPS-compliant services in IBM Cloud,
- easy onboarding and management of connectivity to API endpoints across all the integrated financial institutions
Using this cloud-native Hub, the TPPs will, thus, be able to access a broad range of financial data from banks across Romania through a single integration, cutting development costs, increasing time-to-market, and minimizing the impact of estimated infrastructural adjustments.
Security – the vital component of financial services
One of the main challenges in implementing and adopting PSD2 is securing TPPs’ access to data related to accounts, balances, transactions, and payment initiation. While the existing model of direct interaction User – Digital Banking Service ((Mobile Banking, Internet Banking) is simpler to secure, the new PSD2 model (involving a third party) is complex and raises additional vulnerabilities to address. Therefore, security controls should be implemented on and in many information layers (transport, application, access channel, perimeter layers) and should include:
- Mutual TLS authentication
- Confidentiality – transport encryption for data in transit
- Integrity (preventing corruption of messages sent)
- Authorization (real-time validation of the TPP as being authorized to initiate PSD2 transactions)
- Customer authentication (SCA) – using at least two factors
- Actions authorization by keeping a unique link between the TPP, the User, and the transaction (payment or account data request) for each transaction
- IT Smart Systems granted a particular emphasis on the security component, as protecting the consumer’s identity is vital in financial services.
IT Smart Systems granted a particular emphasis on the security component, as protecting the consumer’s identity is vital in financial services. That is why, for SmartPG, the security standards implemented by banks are just the foundation for additional security levels implemented without impacting the overall customer experience.
“For SmartPG, the security standards offered by banks were just the foundation over which additional levels of security were implemented, without affecting the user experience,” said Ana Maria Georgescu, ITSS executive partner.
Building the future of financial services in Romania
Both banks and technology companies offering financial services (fintechs) form a dynamic ecosystem, rising strongly since 2018, aligning to the european standards and establishing the legal environment. The current year proved to aim at the final refinements and changes for the incubator tests. The banks’ developments’ actual stage makes 2021 the year of updates and maintenance – activities that any API consumer should absorb. Consequently, any entity offering financial-technology based products and services will have to remain present and connected with the inevitable updates and adjustments along the way.
The experience, the know-how regarding PSD2 implementations, and the innovation capacity will be differentiator drivers in this market. And maintaining the security component up-to-date and continuously aligning it to the newest standards and best practices is vital.
SmartPG is always evolving and improving. It is now available in a public beta version for the already integrated banks. The list extends continuously: IT Smart Systems aims to have integrated all the top 10 Romanian banks by the end of this year.
IT Smart Systems delivers the IT components of Digital Transformation programs, offering their customers open banking API solutions to bring new products and services into the market. Smart PG lies at the core of these solutions and encompasses ITSS know-how in the open banking and digital identity space.
“We are excited and curious about the PSD2 revolution, and the way it changed what 10 years ago was considered unchangeable. When we look at the non-EU areas and the countries we interacted with (Australia, Middle East, Brazil) – they have decided to adhere freely to the same changes. It is obvious that the snowball has started moving”, adds Ana Maria Georgescu, Executive Partner ITSS.