Introduction - Account Data
Ordo’s Account Data Services allow you to collect bank account data from your end customers. This information can provide you with real-time insights into end customer behaviour, financial profiles and risk management.
Ordo provides two options for integration allowing you as a business to choose the one that suits your use case best. Our hosted and white-labelled authorisation journey means that Ordo handles the user experience (UX) through a series of customisable screens, before redirecting your customer to their Bank, whereas our client hosted authorisation journey allows you to maintain your own UI and UX whist still taking advantage of Ordo's Open Banking connectivity and authorisation orchestration.
To get account data, once you have finished the Get started elements, you will need to complete these three steps:
- Create an AIS consent for the data you require.
- Present the AIS consent to your end customer for them to authorise with their bank
- Request and retrieve the data from the Ordo platform.
Account data consents
A consent represents your end customer’s authorisation for data access with their bank. This means that there is a valid connection, identified by an "aisConsentId" that can be used to request data from their bank. The data available to you is determined by the permissions set when creating an AIS consent.
| Permission | Permission description |
|---|---|
| Accounts | Retrieve list of accounts owned by the customer |
| Balances | Retrieve current balance of account(s) |
| Beneficiaries | List of parties paid by the customer |
| DirectDebits | List of Direct Debit beneficiaries |
| Offers | List of special offers available to the customer |
| Parties | Retrieve account name/owner |
| Products | Details of account(s) – Credit and Debit interest rate, Overdraft limit etc. |
| ScheduledPayments | List of future-dated payments set up by the customer |
| StandingOrders | List of Standing Order beneficiaries the customer has set up |
| Statements | List of previous transactions |
| Transactions | List of debit and credits |
A consents lifecycle can be finite, determined by the expiryDate, or can be open-ended. However, clients should make their end customer aware that they will need to reconfirm their consent every 90 days with you to allow you to continue to access their account details.
The reconfirmation of your end customer’s consent needs to be captured as part of your user management. The consent doesn't need to be provided via SCA with the customers’ bank but it does need to be explicit. For example, a user selects a checkbox to confirm consent. This information must be available to Ordo on request, in the event that a customers’ bank challenges the collection of that customer’s data.
The option to view and cancel a consent must also be provided to your end customer.
Account data requests
To retrieve data from a consent you must use the Data Request endpoint which requires the "aisConsentId". The data will then be requested by Ordo from the bank and if successful, stored within the Ordo platform for 7 days.
A webhook notification will be sent to you to let you know when the data requested is available and will provide you with a "aisDataRequestId" for data collection. If yourwebhook receiver is down for planned or unplanned maintenance then you can call our Get All or Singular data request endpoints to obtain the "aisDataRequestId"
Once Ordo has confirmed the data is available, you can pull the data via our Get Data Request endpoint.
Data Requests – Data Protection Impact Assessment (DPIA)
Limited elements of personal data need to be held within Ordo’s infrastructure (Account Name, sort-code, account number, balances, transaction history, DD and SOs) in a purely temporary/transient way, before being delivered to you for analysis. Ordo maintains a record of the data request for 7 calendar days before permanently deleting this from our platform. Ordo retains a unique ID for each data request, together with the Token needed to refresh this data from the end-customer’s bank (refresh triggered by Ordo client request).
It is recommended that you perform a DPIA to ensure your legal obligations as data controller are satisfied.
Data collections
To retrieve data from the Ordo platform you must provide a valid "aisDataRequestId". Ordo will provide you with a standardised dataset from the bank, so that the information is easier to consume. An overview of the account data format can be found here.
Updated about 2 months ago