Learn the different words and open banking terms commonly used across our documentation.

Account: A financial account with a provider, for example a current account.
Account Verification: A process that ensures only the bank account owner can authorise access to their account.
Access Token: A token that carries the necessary information to access a resource directly. When a client passes an access token to a server managing a resource, that server uses the information contained in the token to decide whether the client is authorised.
Access tokens usually expire after one hour, though this depends on the provider.
AIS: Account Information Services. AIS providers use these to access customer accounts and financial data - provided consent has been given. Ordo uses AIS to power our Enhanced Account Verification (EAV) service.
AISP: Account Information Service Provider. An AISP is a firm authorised to access an individual's or business's account information - as long as permission has been given. Under Open Banking rules, banks have a legal requirement to provide AISPs with information once the PSU has granted permission.
API: Application Programming Interface. An API is a set of protocols used by programmers to create applications for a specific operating system or to interface between the different modules of an application.
ASPSP: Account Servicing Payment Service Provider. An ASPSP is any bank or financial institution/firm that provides a payment account with online access. The term refers to a range of institutions - including building societies and banks. ASPSPs have to give trusted third party providers access to customer account information and let them initiate payments.
Authentication: A process in which a consumer logs in to online banking to create a secure connection between their bank and a third party provider.
Authorisation Flow (Auth Flow): A method by which a bank allows their users to authorise a payment. Right now we support redirect and embedded authorisation flows, but we may support more in the future.
Authorisation Server (Auth Server): The secure service hosted by Ordo that allows users to authenticate with their credentials. It also has API endpoints that you can use to obtain and renew an access_token.
Beneficiary: The bank account that receives money when a payment is made.
billerAccountId: The unique proxy for the account details into which payments will be received. This is known as your billing account.
billerParticipantId: Your unique ID within Ordo that has been associated with a billerAccountId.
Billing Account: Your bank account number, sort code and account name, into which payments will be received. It is given a unique proxy on the Ordo platform.
Certificates: A pair of files — one public, one private — used to sign requests. These are also known as signing keys.
CGI: Ordo's strategic technology partner, one of the largest IT and business consulting services groups in the world.
Client: An application that implements our APIs.
client_id: Unique identifier for your application.
client_secret: A secret known only to your application that is used for authenticating your application within our platform.
CMA: Competition & Markets Authority. The CMA's role is to regulate industry competition in the UK and protect users of financial products.
CMA9: CMA9 refers to the UK's nine largest banking groups. The CMA requires these institutions to offer and finance Open Banking in the UK, including supporting VRP 'sweeping'. This was with the express aim of improving competition within the market. The 9 biggest banking groups are: Barclays, Lloyds (including Bank of Scotland and Halifax), HSBC (including FirstDirect), NatWest (including Royal Bank of Scotland and Ulster Bank), Santander, Nationwide, AIB, Bank of Ireland and Danske Bank (including Northern Bank).
Consent Flow: The online journey a user makes when they consent to a third party provider accessing their account information.
Consent Parameters: The 'contract' the end-customer agrees to that sets out the parameters that Ordo can use to collect payment on behalf of its merchant client(s). Ordo refers to these as Variable Payment Agreements.
Consent Mandate: The payment limits defined in the variable payment agreement.
Credentials: Information which identifies you or your user. This can include a username and password, API keys, a pair of certificates, etc.
Developer Portal: Hosts the Ordo documentation and other information to support client development/testing.
FCA: The Financial Conduct Authority regulates and authorises firms in the UK's finance industry. Part of its remit is to protect consumers.
Front-end: The Web application that enables end-customers to interact with Variable Payment Agreements.
ISV: Independent Software Vendors who specialise in making/selling/integrating software solutions.
KYC (Know Your Customer): To minimise risks posed by unlawful activities such as money laundering, banks and providers are required by law to 'know their customers' by verifying their identities. Ordo may require evidence of account ownership as part of a client onboarding.
Mandate: The agreement between you and your end-customer which enables you to take payments from their account. Ordo refers to this as a Variable Payment Agreement.
Merchant: A business or organisation requesting payment.
Merchant Dashboard: Ordo provides a web dashboard that allows clients to view the status of their transaction. This complements the data available via API and webhook.
OAuth 2.0: The industry standard authorisation protocol.
Open Banking: Open Banking involves giving regulated firms secure, authorised access to user bank accounts, so that those companies can provide useful services, such as making payments.
Open Banking Payments: A way for your customers to pay using bank transfers from any provider that Ordo is connected with.
Participant Id: Your unique ID within Ordo (please see billerParticipantId).
Payer: The term used for the end-customer of a Merchant/Biller. The payer is the party agreeing to be debited when making the payment.
Payment Status: A value which indicates where a payment is in its life cycle.
PCI-DSS: Payment Card Industry - Data Security Standards. The set of standards and regulations that businesses and organisations taking card payments have to comply with. It is a regulatory and data management burden. One of the key benefits of Open Banking is that no card details are taken, so there are none to protect (no sensitive information is shared), and this PCI-DSS regulatory burden is lifted when using Open Banking.
PIS: A Payment Initiation Service allows third-party providers (PISPs - Payment Initiation Service Providers) to initiate payments for their clients. With a PISP, you can pay companies directly from your bank account - instead of through your credit or debit card. A PISP must have a customer's consent before providing this service.
PISP: Payment Initiation Service Provider; a type of FCA authorised firm. The concept was created to ensure Open Banking is delivered safely to end customers.
Platform: The 'behind the scenes' databases, microservices and logic processing that underpins Ordo, accessed via APIs. This hosted platform abstracts all of the complexity of Open Banking, giving clients a smooth, seamless experience. Ordo works with CGI, our strategic technology partner, who host the service.
Private Key: See certificates.
Provider: A bank or other financial institution that provides Ordo with access to financial data and payment services through APIs.
PSP: A PSP (Payment Service Provider) is an authorised third-party company that provides payment services to businesses that accept online payment methods including credit/debit cards, e-wallets, cash cards, bank transfers etc.
PSU: Payment Service User. Any user who can make a payment through your customer interface is a PSU. In our documentation, PSU refers to your customer.
Public Key: See certificates.
Redirect URI: When initiating a payment with the redirect authorisation flow, this redirects the user back to your app or website after they have authorised a payment with their bank.
Refresh Token: A token you need to get a new access token. Usually used to get a new access token after the previous one has expired, or to get access to a new resource for the first time.
Refresh tokens expire when the user needs to reconfirm consent (usually after 90 days). If not used, they expire after 30 days.
Return URI: See redirect URI.
Staging Environment: An environment that clients can use to test their own development. It has all Ordo capability plus dummy banks to test against: Modelo Bank for single payments and NatWest for Variable Payment Agreements. Instructions for each are in the relevant sections of the Ordo guide.
subscription_key: The key used to access the Ordo API Management gateway.
Third Party Providers (TPP): A TPP is an online service provider authorised within Open Banking which is involved in a customer's transactions - but not connected to their bank. As a collective term within Open Banking, TPPs consist of two types: Account Information Service Providers (AISPs) - companies or providers that can access a customer's financial information with consent - and Payment Initiation Service Providers (PISPs) - providers that allow customers to make payments without using a debit or credit card.
TSP: Technical Service Provider (we use Yapily to support our connectivity into ASPSPs).
User: Your customer. See PSU.
UX: User Experience. In this case, a clickable demo to show how VRP will work for end users.
Value Added Reseller (VAR): An organisation that typically integrates additional features to products and services (such as adding Ordo to a payments service stack).
Variable Recurring Payments (VRP): Arrangements between Merchants/businesses and their end-customers that allow for multiple payments to be made without the payer having to authorise each transaction. Ordo refers to these as Variable Payment Agreements.
VRP Commercial: All VRP use cases which are not sweeping - essentially moving money to accounts in different names (commonly to pay bills or buy goods and services) where the Payer and Beneficiary accounts will be in different names.
VRP Non-sweeping: All VRP use cases which are not sweeping - essentially moving money to accounts in different names (commonly to pay bills or buy goods and services) where the Payer and Beneficiary accounts will be in different names.
VRP Sweeping: Where the Payer and Beneficiary accounts are in the same name - so-called 'me to me' payments. Typically, sweeping involves transferring money between a customer's accounts - e.g. from their current account to their credit card account/savings account or a loan repayment account.
Yapily: The 3rd party that provides connectivity into Open Banking (they are a TSP).