Auka enables compliant and care-free hosting of the required APIs that banks must expose to third parties, as required by PSD2.
The API hosting service features vendor approval and management, making sure that only requests from approved AISP and PISPS and equivalent regulated entities are enrolled and granted API access. Auka also performs API monitoring and billing for API service usage.
The platform features customer consent (mandate) collection and storage (Identification and authentication) and chargeback processing tools.
Payment initiation services
With our payment initiation service, and with a user’s consent, you can debit the bank account of any individual, via our API. Transaction processing is configurable so that your scheme may be the intermediary for transactions or if you choose, perform pure account-to-account transactions.
Account information services
With our account information services and with a user’s consent, banks can aggregate all the accounts of a user, providing customers who bank with multiple financial institutions a consolidated view of their finances.
This includes account names, numbers, balances and transaction history. Account aggregation also enables banks to better position themselves as the primary financial institution and gradually grow their share of the customer’s wallet.
Critical to the secure provisioning of access to bank accounts is the enrollment and validation of third parties. Auka has built systems and processes that manage enrollment, identification, authentication and FSA-compliant anti-money laundering (AML) controls for years.
We have applied the same logic to our PSD2 vendor approval process, making sure only licensed and approved entities get the appropriate access to our services.
With open APIs and third party access to critical systems, the volume of traffic grows, and financial information and payment initiation services are subject to new forms of security threats. As part of our PSD2 API hosting service, Auka provides API monitoring.
With a combination of automated and human efforts we will provide API status information and proactively work to mitigate the risk of denial of service attacks. The status of the APIs and its historical performance is made available to the access grantor.
As the issuer of API access to third parties, you are entitled to charge the API consumer (the third party) a fee for API and service usage. The pricing of such is regulated and should reflect the actual cost of producing the service.
As the PSD2 API hosting provider, Auka will perform billing on your behalf toward the third party and ensure collection and settlement according to the pricing structure configured.
Access to accounts and processing of payment initiation orders are subject to consent given by the account owner. Auka provides an OAuth-based mandate handler where account operator, account owner and the third party can exchange the necessary permissions and credentials.
Disputes can be captured, processed and finalised by banks using the bank console licensed from Auka.