Glossary
Learn the different words and open banking terms commonly used across our documentation.
| TERM | DEFINITION |
|---|---|
| Account | A financial account with a provider: for example, a current account. |
| Account Verification | A process that ensures only the bank account owner can authorise access to their account. |
| Access Token | A token that carries the necessary information to access a resource directly. When a client passes an access token to a server managing a resource, that server uses the information contained in the token to decide whether the client is authorised. Access tokens usually expire after one hour, though this depends on the provider. |
| AIS | Account Information Services. AIS providers use these to access customer accounts and financial data - provided consent has been given. Ordo uses AIS to power our Enhanced Account Verification (EAV) service |
| AISP | Account Information Service Provider. An AISP is a firm authorised to access an individual's or business’s account information - as long as permission has been given. Under Open Banking rules, banks have a legal requirement to provide AISPs with information once the PSU has granted permission. |
| API | Application Programming Interface. An API is a set of protocols used by programmers to create applications for a specific operating system or to interface between the different modules of an application |
| ASPSP | Account Servicing Payment Service Providers. An ASPSP is any bank or financial institution/firm that provides a payment account with online access. The term refers to a range of institutions - including building societies and banks. ASPSPs have to give trusted third party providers access to customer account information and let them initiate payments. |
| Authentication | A process in which a consumer logs in to online banking to create a secure connection between their bank and a third party provider. |
| Authorisation Flow (Auth Flow) | A method by which a bank allows their users to authorise a payment. Right now we support redirect and embedded authorisation flows, but we may support more in the future. |
| Authorisation Server (Auth Server) | The secure service hosted by Ordo that allows users to authenticate with their credentials. It also has API endpoints that you can use to obtain and renew an access_token. |
| Beneficiary | The bank account that receives money when a payment is made. |
| billerAccountId | Is the unique proxy of your account details for where payments will be received into. This is known as your billing account. |
| billerPartcipantId | Is your unique ID within Ordo that has been associated to a billerAccountId. |
| Billing Account | Is your bank account number, sort code and account name where payments will be received into. Given a unique proxy on the Ordo platform. |
| Certificates | A pair of files — one public, one private — used to sign requests. These are also known as signing keys. |
| CGI | Ordo’s strategic technology partner, is one of the largest IT and business consulting services groups in the world. |
| Client | An application that implements our APIs. |
| client_id | Unique identifier for your application. |
| client_secret | A secret known only to your application that is used for authenticating your application within our platform. |
| CMA | Competition & Markets Authority. The CMA's role is to regulate industry competition in the UK and protect users of financial products. |
| CMA9 | CMA9 refers to the UK’s nine largest banking groups. The CMA requires these institutions to offer and finance Open Banking in the UK, including supporting VRP 'sweeping'. This was with the express aim of improving competition within the market. The 9 biggest banking groups are: Barclays, Lloyds (including Bank of Scotland and Halifax), HSBC (including FirstDirect), NatWest (including Royal Bank of Scotland and Ulster Bank), Santander, Nationwide, AIB, Bank of Ireland and Danske Bank (including Northern Bank) |
| Consent Flow | The online journey a user makes when they consent to a third party provider accessing their account information. |
| Consent Parameters | The ‘contract’ the end-customer agrees to that sets out the parameters that Ordo can use to collect payment on behalf of its merchant client(s). Ordo refers to these as Variable Payment Agreements |
| Consent Mandate | The payment limits defined in the variable payment agreement |
| Credentials | Information which identifies you or your user. This can include a username and password, API keys, a pair of certificates, etc. |
| Developer Portal | Hosts the Ordo documentation and other information to support client development/testing |
| FCA | The Financial Conduct Authority regulates and authorises firms in the UK's finance industry. Part of its remit is to protect consumers |
| Front-end | The Web application that enables end-customers to interact with Variable Payment Agreements |
| ISV | Independent Software Vendors who specialise in making/selling/integrating software solutions |
| KYC (Know Your Customer) | To minimise risks posed by unlawful activities such as money laundering, banks and providers are required by law to ‘know their customers’ by verifying their identities. Ordo may require evidence of account ownership as part of a client onboarding |
| Mandate | The agreement between you and your end-customer which enables you to take payments from their account. Ordo refers to this as a Variable Payment Agreement |
| Merchant | A business or organisation requesting payment |
| Merchant Dashboard | Ordo provides a web dashboard (myordo.com) that allows clients to view the status of their transaction. This complements the data available via API and webhook |
| oAuth 2.0 | The industry standard authorisation protocol. |
| Open Banking | Open Banking involves giving regulated firms secure, authorised access to user bank accounts, so that those companies can provide useful services, such as making payments. |
| Open Banking Payments | A way for your customers to pay using bank transfers from any provider that Ordo is connected with. |
| Participant Id | Is your unique ID within Ordo (please see billerParticipantId) |
| Payer | The term used for the end-customer of a Merchant/Biller. The payer is the party agreeing to be debited when making the payment. |
| Payment Status | A value which indicates where a payment is in its life cycle. |
| PCI-DSS | Payment Card Industry - Data Security Standards. The set of standards and regulations that businesses and organisations taking card payments have to comply with. It is a regulatory and data manageemt burden. One of the key benefits of Open Banking is that there are no card details taken which therefore do not have to be protected (because no sensitive information is shared) and so this PCI-DSS regulatory burden is lifted when using Open Banking |
| PIS | A Payment Initiation Service allows third-party providers (PISPs - Payment Initiation Service Provider) to initiate payments for their clients. With a PISP, you can use your bank account to pay companies directly from your bank account - instead of through your credit or debit card. A PISP must have a customer’s consent before providing this service. |
| PISP | Payment Initiation Service Provider; a type of FCA authorised firm. The concept was created to ensure Open Banking is delivered safely to end customers. |
| Platform | The ‘behind the scenes’ databases, microservices and logic processing that underpins Ordo – accessed via APIs. This hosted platform abstracts all of the complexity of Open Banking, giving clients a smooth, seamless experience. Ordo works with CGI, our strategic technology partner, who host the service |
| Private Key | See certificates. |
| Provider | A bank or other financial institution that provides Ordo with access to financial data and payment services through APIs. |
| PSP | A PSP (Payment Service Provider) is an authorised third-party company that provides payment services to businesses that accept online payment methods including credit/debit cards, e-wallets, cash cards, bank transfers etc |
| PSU | Payment Service User. Any user who can make a payment through your customer interface is a PSU. In our documentation, PSU refers to your customer. |
| Public Key | See certificates. |
| Redirect URI | When initiating a payment with the redirect authorisation flow, this redirects the user back to your app or website after they have authorised a payment with their bank. |
| Refresh Token | A token you need to get a new access token. Usually used to get a new access token after the previous one has expired, or to get access to a new resource for the first time. Refresh tokens expire until the user needs to reconfirm consent (usually after 90 days). If not used, they expire after 30 days. |
| Return URI | See redirect URI. |
| Staging Environment | Environment that clients can use to test their own development. Has all Ordo capability plus dummy banks to test against; Modelo Bank for single payments and NatWest for Variable Payment Agreements. Instructions for each are in the relevant sections of the Ordo guide |
| subscription_key | The key used to access the Ordo API Management gateway |
| Third Party Providers (TPP) | Third Party Providers. A TPP is an online service provider authorised within Open Banking which is involved in a customers' transactions - but not connected to their bank. As a collective term within Open Banking, TPPs consist of two types : Account Information Service Providers (AISPs) - a company or provider that can access customer's financial information with consent and Payment Initiation Service Providers (PISPs) - providers that allow customer to make payments without using a debit or credit card. |
| TSP | Technical Service Provider (we use Yapily to support our connectivity into ASPSPs) |
| User | Your customer. See PSU. |
| UX | User Experience. In this case, a clickable demo to show how VRP will work for end users |
| Value Added Reseller (VAR) | An organisation that typically integrates additional features to products and services (such as adding Ordo to a payments service stack) |
| Variable Recurring Payments (VRP) | Variable Recurring Payments; arrangements between Merchants/businesses and their end-customers that allow for multiple payments to be made without the payer having to authorise each transaction. Ordo refers to these as Variable Payment Agreements |
| VRP Commercial | All VRP use cases which are not sweeping - essentially moving money to accounts in different names (commonly to pay bills or buy goods and services) where the Payer and Beneficiary account will be different names |
| VRP Non-sweeping | All VRP use cases which are not sweeping - essentially moving money to accounts in different names (commonly to pay bills or buy goods and services) where the Payer and Beneficiary account will be different names |
| VRP Sweeping | Where the Payer and Beneficiary account are in the same name - so-called 'me to me' payments. Typically, sweeping involves transferring money between a customer's account - eg from their current account to their credit card account/savings account or a loan repayment account |
| Yapily | The 3rd party that provides connectivity into Open Banking (they are a TSP) |
Updated about 1 year ago
What’s Next