🌟 Enable Banking’s Open Banking Glossary of Acronyms

A Deep Dive into Key Open Banking Acronyms

Open Banking has a habit of sounding more complicated than it actually is. A sea of acronyms, evolving regulations, and technical terminology can make even seasoned fintech professionals pause and ask: wait, what does that actually mean again?

This glossary is here to change that. It outlines the kaleidoscope of terms that form the alphabet soup of Open Banking, from regulatory building blocks to tech nuts and bolts, and business-centric concepts. This goes well beyond acronyms and into the why and how of each term.

Whether you’re navigating PSD2 today, preparing for PSD3 and FiDA tomorrow, or building products that rely on real-time financial data, understanding the language of Open Banking matters. Not just for compliance, but for building better products, making smarter decisions, and unlocking real value from financial data.

Below, we break down the most important Open Banking and Open Finance terms across the EU and EEA. From core regulatory concepts to technical standards and emerging use cases, each definition is designed to be practical, clear, and grounded in how Open Banking is actually used today.

Think of it as your shared vocabulary for modern financial infrastructure.

Account Information Service Provider (AISP)

Account Information Service Providers are authorised to view bank account information but cannot initiate payments.

Application Programming Interface (API)

An application program interface (API) is a set of routines, protocols, and tools for building software applications. Basically, an API specifies how software components should interact.

Account Service Payment Service Provider (ASPSP)

Banks or similar institutions which provides payments accounts.

Electronic Identification, Authentication and trust Service (eIDAS)

An EU regulation on / a set of standards for electronic identification and trust services for electronic transactions in the European Single Market.

Personally Identifiable Information (PII)

Any information relating to an identified or identifiable individual.

Payment Initiation Services Provider (PISP)

A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.

Second Payment Services Directive / Revised Payment Services Directive (PSD2)

An EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).

Payment Service User (PSU)

The owner of the accounts. (E.g: Anyone that has a payment account).

Qualified Certificate for Electronic Seals (QSealC)

The QSealC is used for identity verification at the application layer to protect transactional information from potential attacks. This means that the person receiving digitally signed data can be certain about who signed the data and that it has not been changed. It is used to sign API/HTTP requests.

Qualified Trust Service Provider (QTSP)

QTSPs are regulated (Qualified) to provide trusted digital certificates under the electronic Identification and Signature (eIDAS) regulation.

Qualified Website Authentication Certificate (QWAC)

Provides identification at the transport layer. QWAC is similar to SSL/TLS. It is used for website authentication, so that ASPSPs and TPPs can be certain of each other’s identity.

Regulatory Technical Standards on Strong Customer Authentication and Secure Communication (RTS on SCA and CSC)

Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes. This specific RTS, the RTS on SCA and CSC under PSD2 is key to achieving the objective of the

PSD2 of enhancing consumer protection, promoting innovation and improving the security of payment services across the European Union.

Strong Customer Authentication (SCA)

Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the

user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a finger print or iris pattern]) that are

independent, [so] the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.

Third Party Provider (TPP)

Third Party Providers are organisations or natural persons that use APIs developed to PSD2 standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are either Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), or both

Technical Service Providers (TSP)

Technical service providers (TSPs) are companies that work with regulated providers to deliver open banking products or services

Open Banking is no longer a niche concept or a regulatory experiment. It’s infrastructure. And like any infrastructure, the value comes not just from access, but from understanding how the pieces fit together.

If you’re building, integrating, or simply trying to make sense of Open Banking, we hope this open banking glossary of acronyms helps cut through the noise and bring a bit more clarity to the conversation. Because when the language becomes clearer, the opportunities usually do too.

Explore More: