Skip to content
Unnax a powens group company
Get in touch
Unnax a powens group company
Get in touch
Unnax a powens group company
  • Products
    • Account Aggregation
    • Accounts & Wallets
    • Financial indicators
    • Payments
    • Identity Verification
  • Solutions
    • Money Movement
    • Customer Analytics
    • Regulation as a Service
  • Developers
  • More
    • About
    • Blog
    • PSD2
Menu
  • Products
    • Account Aggregation
    • Accounts & Wallets
    • Financial indicators
    • Payments
    • Identity Verification
  • Solutions
    • Money Movement
    • Customer Analytics
    • Regulation as a Service
  • Developers
  • More
    • About
    • Blog
    • PSD2

Account Aggregation

Everything about Account Aggregation

October 29, 2018

In 2019 PSD2 came into force in the EU and bank account aggregation has quickly become widespread across the continent.

We’re already seeing large banks such as BBVA and NatWest implementing it within their tech stack, and it’s only a matter of time before it’s considered the norm rather than the exception.

Due to its growing use, we thought it would be useful to shed a little light on what account aggregation is, how it works behind the scenes and why it’s useful for financial institutions, merchants, and customers.

What is account aggregation?

Account aggregation is the process by which a third party gathers financial information from one or more bank accounts, collects it in one place, and makes it available to other systems. It’s the first pillar of the Open Banking movement and essentially makes it easy to display financial data from different accounts in separate financial institutions in one place.

The technology has many applications, such as risk-oriented credit analysis, financial scoring, or making accounting easier for businesses by gathering data from all their accounts in a single location.

The data can be output in various formats, such as JSON arrays which are readable and usable by other applications, or in spreadsheets which can be used for manual analysis, accounting, and other tasks.

You may like: How we built an aggregation service that goes beyond PSD2

Regulating financial data aggregation

Account aggregation deals with private financial data of companies and individuals, so it is essential to guarantee the security of the information at all times to avoid it being used in a manner that is harmful to the interested parties.

Fortunately, PSD2 is very strict on these matters and establishes rigid guidelines to guarantee user safety.

The objective of the directive was to liberalize the market for online payments and associated services, including obtaining financial information through account aggregation. But it was also to regulate the participation in this space and create standards that apply to all parties to ensure that the user is protected at all times.

In terms of security, this translates into the requirement that organizations providing bank account reading services must implement what is known as Strong Customer Authentication (SCA). SCA is an authentication protocol that demands that a user provides a minimum of 2 out of three unique authentication factors: something they know, such as a PIN code or password; something they possess, such as a mobile phone or hardware token; and something they are, such as a fingerprint or retinal scan.

Together, these factors create a high barrier of access to a service and go a long way towards preventing fraud.

At the same time, the organizations that provide these services are strictly controlled under PSD2. Before PSD2, bank aggregation services existed in a sort of legal limbo. They were not illegal, but there was no standard regulation governing who could offer them and under what conditions. Back then, the most common method to obtain data was screen scraping.

Under PSD2, screen scraping has been relegated to the role of ‘fallback mechanism’, that is, the backup connection method TPPs use when connection to the banks’ APIs fails or the data provided is insufficient to service a certain use case (more on the limitations of PSD2 here). 

Either way, the companies providing these services now must be regulated by their competent national authority (generally a national bank or financial regulator) to continue providing account aggregation services, and those that do so without the proper authorization are subject to heavy fines.

To this end, PSD2 introduced two new figures: Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs). This second figure, AISPs, is the one that applies to companies that offer account aggregation and bank reading services.

In addition to transforming the online payments ecosystem by enabling new types of products and services, PSD2 enables a more stable connection between banks and third parties, which provides several benefits as we’ll see below. 

Read more: The banks leading Europe’s Open Banking API landscape

How does account aggregation work?

The data contained in a bank account is private and belongs to the account’s owner. However, there are scenarios in which the owner might want it to be accessible to a third party to be able to receive certain goods or services. A common use case would be to perform a risk analysis when a person requests a loan from a credit institution.

In such cases, the account holder can provide the access credentials to their online banking platform to a third party, who can then access that person’s account and obtain the information they need to provide them with different services.

The information is accessed using the API of the bank where the account is located. Banking APIs use a specific nomenclature for requests so third parties can access different kinds of information depending on their specific needs.

Some commonly used data categories are the balance of the account, a list of bank statements within a specific period, or the data of the owner of the account.

Example of an API call requesting a user’s financial data

 

The request specifies which bank is to be read (“bank_id”) and provides a user and password. In a real reading, these would correspond to the online banking credentials of the person whose data is to be read and analyzed.

Having received the correct credentials, the bank authorizes the request and returns the information requested in the call to the application.

A request like the one in the above image would return the following data:

  • The account owner’s name (“account_owner”)
  • The account’s IBAN code (“iban”)
  • The bank cards associated with the account (“cards”)
  • The bank loans associated with the account (“loans”)
  • A list of all statements (“statements”) between 1/1/2018 (“start_date”) and 25/10/2018 (“end_date”)

In most cases, the bank’s response will take the form of code, and the receiver will be responsible for formatting the data appropriately to be able to process it and integrate it into their business processes.

Depending on the purpose of the data, it will be treated to adapt to the company’s specific use case:  

  • Pure data output in JSON format, readable by applications to integrate into the business processes of a company.
  • Export in one of several formats (PDF or CSV for example), some of which are useful for integration in other processes or analysis systems.
  • Recreate the data in a visual interface for viewing, such as an analytics dashboard.

 

dashboard
An example of a dashboard with the data of several accounts obtained through account aggregation.

 

Connection channels under PSD2 

How can financial institutions connect using account aggregation through PSD2? There are two main ways: APIs and screen scraping. Let’s look at both of these.

Dedicated Interface (API PSD2)

With dedicated APIs, companies can access two sources of data: bank statements and owner current account balances. This connection can only happen if the third party is a licensed AISP, and uses a connection gateway such as Redsys.

Bank APIs offer stable connections that can be maintained for up to 90 days with the user’s permission and an encrypted authentication token. The main advantage of using a dedicated API interface is that it’s stable and fast. The main disadvantage is that the scope of data is limited to only two data sources.

Agreggation

Direct Connection (fallback mechanism)

Screen scraping acts as a fallback mechanism and is the method that was used before APIs and Open Banking first appeared. 

With screen scraping, the third party collects the user’s login information (username and password) and essentially “logs in” as the user. Similar to a web crawler bot, the third party then crawls the user’s bank account and gathers the relevant information while simulating the user’s behavior within the account.

The main advantage of this method is that there is no real limit to how much information the third party can gather. They can gather personal information, debit and credit cards, loans, savings, and any other financial products.

The biggest issue with screen scraping is that it requires significant maintenance work to keep the system running well. When a bank updates its online banking interface, the third party must adapt its system to recognize whatever new elements have been added and to potential layout changes. 

Currently, PSD2 recognizes scraping as a “fallback mechanism” if an API doesn’t work. If a third party requires loan data to provide its services, then it will need to screen scrape. If it just needs basic account information, then using a dedicated API is enough. 

At Unnax, we help companies and third parties use both dedicated APIs as well as screen scraping. Each channel is appropriate for different requirements, and in some cases we use both at the same time.

Main benefits for consumers, companies, and banks

Account aggregation benefits all parties involved: consumers, financial services companies, and banks.

It allows consumers to manage money a lot more quickly and efficiently: it’s much easier to make financial decisions when you can see all your account balances on one screen, rather than having to log into each separate app. 

Financial services companies benefit by learning more about their consumers’ financial habits. Being able to access the correct information and in real-time also facilitates the customization of products and servicing consumer needs. For example, gathering information to offer a loan is a lot easier through account aggregation than requesting PDFs and Excel spreadsheets.

Read more: Everything you need to know about payment initiation

 

What about the benefits for banks? At first glance, it might seem that account aggregation does not benefit banks since it forces them to give away their most precious resource: customer data. But actually, account aggregation allows banks to grow a more loyal customer base by becoming the preferred customer service. 

If a customer has to choose between a bank that offers all their pensions, savings, and investments on one screen and another bank that just shows their balance, the customer will choose the former.

Account aggregation is an opportunity for banks to level up their customer experience, encourage customers to spend more time on the app, and build a better relationship with their customers.

Furthermore, thanks to PFM (personal financial management) applications built on aggregation technology, banks now have a way to capture clients from their competitors. 

Most bank-owned PFMs allow customers to add bank accounts from other institutions. This gives the bank visibility of how their customers are engaging with competitors. For example, the bank can know if their customer has a mortgage or an insurance policy at a competing institution, and make highly personalized offers to convince them to bring those financial products over, such as slightly lower interest rates or reduced monthly payments on their policy.

Therefore, aggregation can be a powerful tool for banks to learn more about their customers and to market their products to them more effectively.

You may like: Why Banks are adopting Account Aggregation to stay relevant

Use cases & examples

Companies can use the information gathered from a person’s bank account to eliminate many uncertainties from their decision-making processes and apply it to all sorts of use cases.

With account aggregation, a company could perform a credit risk analysis of the account owner and decide whether or not to grant them a loan based on their financial health. It would help answer questions like: What is the average balance of the account? How much income and expenditure does the account owner have? Does the account holder have significant debts? Are there any observable risk factors, such as spending on gambling or numerous and elevated credit card bills?

agregation_use_cases

Below, we list some potential applications of account aggregation technology:

  • Credit risk analysis to evaluate loan requests: using account aggregation, the loan issuer can know if the requester is solvent and financially healthy.
  • Consumption habits analysis: list of historical transaction data gives insight into what a person spends money on, where they spend it, when, and more. This information can be used for marketing purposes and to create more personalized offers that speak to customers more directly.
  • Bank account consolidation: a company’s accounting processes can be simplified significantly through account aggregation, as it allows all the company’s financial data to be consolidated into a single format and viewed in a single location.
  • Personal finance apps: known as PFM’s, or Personal Financial Managers, these apps use account aggregation to extract the user’s financial data from their bank accounts and provide various services such as automated savings, financial advice, personal spending analysis, etc.
  • Financial management applications for businesses: BFM’s, or Business Financial Management applications. They fulfill a similar function as PFM’s: making financial management of a business easier by collecting all relevant data and presenting it in a single place to make it easy to use and act upon.

The UK, the first country to implement Open Banking, now has more than 2.5 million consumers and businesses using Open-Banking enabled products, and the API call volume increased to 6 billion in 2020. Although PSD2 is now fully in force in Europe, many banks and financial institutions are still catching up with the current requirements and are therefore not fully taking advantage of the opportunities that come with the new directive. 

Account aggregation helps banks and financial institutions understand their customers’ finances better, customize products and services to meet their needs, and therefore make more data-driven decisions. Those who decide to implement the new directive successfully will hold a big advantage over those that are still making decisions based on incomplete information.

Contact Us

Share:

Related Posts

Ibancar payouts and bank account check

Ibancar & Unnax: Payouts and Bank Account Check for a Seamless Credit Process

Ibancar provides financing to Spanish customers using their personal vehicles as collateral. Through a 100% online process, any customer can apply for a loan of

How to Unlock the Power of Open Banking for Next-Level Cashback Programs

How to Unlock the Power of Open Banking for Next-Level Cashback Programs

Cashback programs have grown immensely in popularity across Europe, with Spain emerging as a key market. According to ResearchAnMarkets, cashback spending in Spain is projected

Virtual Ibans what are and how could they help you

Virtual IBANs: What are They & How Can They Help Your Business?

Virtual IBANs empower businesses to efficiently manage payment routing and reconciliation while adapting to specific needs. Unlike traditional accounts, Virtual IBANs are designed solely for

Hundreds of companies already benefit from our solutions.

We’d love to help you too.

Send us a message and our team will be in touch shortly.

Hundreds of companies already benefit from our solutions.
We’d love to help you too.

Send us a message and our team will be in touch shortly.

  • English
    • Español (Spanish)
    • México (Español)
Unnax Regulatory Services, EDE, SL, is an Electronic Money Institution registered with the Bank of Spain, entity registration number 6719.
Acció and Generalitat de Catalunya logos for Catalonia trade and investment

Products

  • Account Aggregation
  • IBAN Accounts
  • Financial Indicators
  • Payments
Menu
  • Account Aggregation
  • IBAN Accounts
  • Financial Indicators
  • Payments

Solutions

  • Money Movement
  • Customer Analytics
  • Regulation as a Service
  • Onboarding
Menu
  • Money Movement
  • Customer Analytics
  • Regulation as a Service
  • Onboarding

Developers

  • Documentation
  • Sign in
  • Help Center
Menu
  • Documentation
  • Sign in
  • Help Center

More

  • About
  • Work with us
  • Blog
  • Contact
  • Resources
Menu
  • About
  • Work with us
  • Blog
  • Contact
  • Resources
Linkedin Twitter Youtube

Privacy policy | Legal Notice | Cookies | Customer Service

Unnax a powens group company
Unnax Regulatory Services, EDE, SL, is an Electronic Money Institution registered with the Bank of Spain, entity registration number 6719.
  • English
    • Español (Spanish)
    • México (Español)

Products

  • Account Aggregation
  • IBAN Accounts
  • Financial Indicators
  • Payments
  • Account Aggregation
  • IBAN Accounts
  • Financial Indicators
  • Payments

Solutions

  • Money Movement
  • Customer Analytics
  • Regulation as a Service
  • Onboarding
  • Money Movement
  • Customer Analytics
  • Regulation as a Service
  • Onboarding

Developers

  • Documentation
  • Sign in
  • Help Center
  • Documentation
  • Sign in
  • Help Center

More

  • About
  • Work with us
  • Blog
  • Contact
  • Resources
  • About
  • Work with us
  • Blog
  • Contact
  • Resources
Acció and Generalitat de Catalunya logos for Catalonia trade and investment
Linkedin Twitter Youtube

Privacy policy | Legal Notice | Cookies | Customer Service

Cookies:
These cookies are used to ensure the proper functioning of the site, for security purposes, audience measurement, improvement of the user experience, and for advertising purposes. Your consent to the installation of cookies that are not strictly necessary is free and can be withdrawn at any time. You can give or withdraw your consent globally, or set your preferences according to the purpose of the cookies. Read more
Accept
Cookies Settings
Cookie Box Settings
Cookie Box Settings

Privacy settings

Decide which cookies you want to allow. You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function. Learn more about the cookies we use.

With the slider, you can enable or disable different types of cookies:

  • Essential
  • Functionality
  • Analytics
  • Advertising

This website will

This website won't

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected

This website won't

  • Remember your login details
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country

This website won't

  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions

This website won't

  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website won't

  • Remember your login details
Save & Close