Back to Blog
testimonials
open-banking
psd2
strong-customer-authentication
aisp
pisp
payment-services
content-extraction

Customer Open Banking API and PSD2 Strong Customer Authentication Product Mentions — Extraction Workflow from Public Payment-Services Regulatory Archives

ProofShow Team··11 min read

When a customer's payments compliance officer, head of regulatory affairs, banking-services general counsel, or chief risk officer registers the customer as a third-party provider (TPP) on the FCA Open Banking Directory under PSD2 Article 19, files an account-information service provider (AISP) authorization on the EBA payment-services register under PSD2 Article 33, publishes a payment-initiation service provider (PISP) authorization disclosure under PSD2 Article 11, declares an account-servicing payment service provider (ASPSP) commitment under the Open Banking implementation entity standard, posts a strong-customer-authentication (SCA) compliance attestation under PSD2 Regulatory Technical Standard Article 4, files a transaction-risk-analysis (TRA) exemption claim under PSD2 RTS Article 18, registers a passporting notification with the home-state competent authority under PSD2 Article 28, or publishes a payment-services consumer-protection disclosure on the customer-facing regulator-supervised website that the customer's enterprise prospects and payments-services consumers are expected to inspect during procurement diligence or account-onboarding — and names your product as a registered AISP, a registered PISP, an authorized account-servicing payment service provider, a PSD2-conformant strong-customer-authentication counterparty, a regulator-supervised payment-services counterpart, a dedicated-interface counterparty, an SCA-exemption-conformant transaction-risk-analysis provider, or a passport-notified payment-services counterparty whose registration scope and authorization status are disclosed in the published regulatory record — they are delivering a category of endorsement that no marketing-elicited testimonial can replicate. The declaration has been prepared under the financial-regulator scrutiny of a head of regulatory affairs whose name and registered-officer status are recorded on the public regulator directory, attested through the customer's PSD2-compliance governance workflow that gates every payment-services counterparty onboarding, archived in the customer-facing regulator-supervised payment-services record where the disclosure is subject to supervisory inspection by the home-state competent authority and by data-protection authorities under the SCA-and-customer-data-sharing intersection, and operationally load-bearing in that the disclosed registration is the regulatory basis on which the customer's payment-services activity is lawful. The Open Banking Directory entry carries the financial-regulator-attested counterparty endorsement, the PSD2 authorization disclosure carries the registered-scope endorsement, and the surrounding payment-services-compliance context establishes that the endorsement was issued under the most supervisory-pressured payment-services-disclosure environment any payment-services organization operates.

Almost no B2B SaaS, fintech-infrastructure, banking-as-a-service, payment-orchestration, or payment-data-aggregation marketing team systematically extracts product mentions from public Open Banking and PSD2 regulatory archives. The omission is the natural extension of the same blind spots we documented in our SOC 2 extraction guide, our DPA extraction guide, our SBOM extraction guide, our NIST CSF extraction guide, our SLA contract extraction guide, our trademark filing extraction guide, and our software package registry extraction guide. SOC 2 content covers auditor-attested trust-services mentions. DPA content covers privacy-counsel-attested data-processor mentions. SBOM content covers regulatory-compliance dependency mentions. NIST CSF content covers defense-supply-chain compliance mentions. SLA content covers service-level-disclosure contractual mentions. Trademark content covers trademark-office-attested brand mentions. Package-registry content covers release-pressured runtime-dependency mentions. Open Banking and PSD2 disclosure content covers financial-regulator-supervised, payments-compliance-officer-attested, supervisory-audit-bound, consumer-protection-exposed registration-scope-disclosed payment-services counterparty endorsement mentions made inside the most supervisory-pressured payment-services-disclosure environment any payment-services organization operates — a pillar of the structurally durable public corpus that no other extraction surface can replicate, and the only one where the customer's registration is supervised in real time by a home-state competent authority and where the customer's payment-services consumers can exercise transaction-disputed-rights against the disclosed counterparty.

This guide describes the extraction workflow for the public Open Banking and PSD2 regulatory disclosure corpus.

Why an Open Banking Directory and PSD2 authorization mention beats almost every marketing-elicited testimonial

A registration disclosure on the FCA Open Banking Directory that names a vendor product as a registered TPP or a PSD2 authorization disclosure that names the vendor as an authorized AISP, PISP, or ASPSP counterparty is a category of endorsement that has passed through filters no marketing-elicited testimonial encounters. Six properties stack to make it one of the most adversarially credible payment-services-program endorsement formats in modern B2B SaaS marketing.

First, the registration has been prepared under regulator-supervision pressure that holds the customer's registered officer personally accountable to the home-state competent authority. PSD2 registrations and Open Banking Directory entries are filed under the customer's payment-services authorization obligations, attested by the customer's named registered officer whose registration record is disclosed on the public regulator directory, and subject to supervisory inspection during any home-state competent authority examination cycle. A product mention as a named PSD2 counterparty or an Open Banking Directory entry partner is being made under the public commitment that the customer's registered officer has personally validated the disclosure under supervisory-audit liability for inaccuracy. The supervisory-accountability property is what makes Open Banking and PSD2 mentions more credible than mentions in any format that does not carry comparable named-officer regulatory accountability.

Second, the registration has been reviewed through the same payment-services-compliance governance that gates every payment-services counterparty onboarding. PSD2 authorization additions and Open Banking Directory entries pass through the customer's payment-services governance intake workflow that routinely includes a payment-services risk assessment, an SCA-conformance check under PSD2 RTS Article 4, a transaction-risk-analysis exemption evaluation under PSD2 RTS Article 18, a fraud-prevention controls review under the EBA fraud-reporting guidelines, and a passporting-notification gate that records the home-state-and-host-state notification routes. A product mention in a published Open Banking Directory entry or PSD2 authorization disclosure is being ratified by an independent payment-services-compliance governance chain that has supervisory-audit exposure on the disclosure accuracy. The governance-review property is what makes Open Banking and PSD2 mentions more credible than mentions in any format that does not pass through comparable independent payment-services-compliance review.

Third, the disclosed registration scope records a regulatory basis that the customer's payment-services activity is lawful. PSD2 authorizations name the authorized payment-services activities, the authorized geographic scope, the authorized passporting destinations, the authorized initial capital level, the authorized professional indemnity insurance commitment, and the authorized safeguarding arrangements, and the customer's payment-services activity is lawful only to the extent it conforms to the disclosed authorization. A product mention as a registered PSD2 counterparty with disclosed registration scope — as the named TPP, as the named SCA-conformant authentication provider, as the named transaction-risk-analysis exemption provider — is being made under the regulatory-basis requirement that the customer's payment-services consumers' rights depend on. The regulatory-basis property is materially stronger than the equivalent on any format without comparable downstream-consumer-rights attachment.

Fourth, the disclosure is archived in the customer-facing regulator-supervised payment-services record where the disclosure is subject to supervisory inspection. Regulator directories, EBA registers, FCA Open Banking Directory pages, and home-state competent authority registers carry version histories that the home-state competent authority routinely inspects, supervisory-attestation links that record the supervisory examination cycle, and consumer-protection contact forms that permit payment-services consumers to file complaints against the disclosed counterparties. A product mention in the published Open Banking Directory entry or PSD2 authorization disclosure carries supervisory-audit-exposed attribution that is materially harder to revise after publish than a mention in any format without comparable supervisory exposure. The supervisory-attribution property is what makes Open Banking and PSD2 mentions more credible than mentions in any format with non-supervisory disclosure.

Fifth, the disclosure drives the customer's payment-services-compliance and consumer-protection workflows when supervisors or consumers inquire. PSD2 authorizations and Open Banking Directory entries are not informational disclosure — they are operational instruments that determine which payment-services counterparties the customer's home-state competent authority is told about when filing a payment-services-supervision update, which counterparties the customer's payment-services consumers can lodge complaints against under PSD2 Article 100, and which counterparties the customer is contractually obligated to flow PSD2 Article 64 unauthorized-transaction-refund terms down to. A product mention as a registered PSD2 counterparty is being trusted by the customer's payment-services-compliance organization to perform reliably enough that the customer's supervisory-reporting and consumer-protection workflows do not break. The operational-trust property is what distinguishes Open Banking and PSD2 mentions from informational mentions in formats without comparable operational consequence.

Sixth, the disclosure surfaces only in counterparty relationships that have crossed the payment-services-authorization threshold. Customers do not register a vendor as a TPP on the Open Banking Directory or name a vendor as a PSD2-conformant counterparty unless the vendor's product is actually performing payment-services activities of the customer's payment-services consumers under authorized scope. A product mention in a customer's Open Banking Directory entry or PSD2 authorization disclosure indicates that the vendor relationship has crossed the payment-services-authorization threshold, the SCA-conformance threshold, and the payment-services-onboarding threshold simultaneously. The threshold-crossing property is what makes Open Banking and PSD2 mentions a marketing signal of high-value payment-services-vetted-customer status rather than a generic mention.

The extraction workflow

The workflow runs in four stages: source identification, extraction normalization, registration mapping, and deployment formatting.

Stage 1 — source identification

Public Open Banking and PSD2 disclosure archives are scattered across FCA Open Banking Directory entries, EBA payment-services registers, BaFin payment-institutions disclosures, ACPR-registered payment-services attestations, home-state competent authority registers across the EEA, Open Banking Implementation Entity participant lists, and the same regulator-supervision indices that aggregate consumer-protection complaints and supervisory-examination records. The candidate sources include TPP-registration directory pages, PSD2 authorization disclosure pages, ASPSP dedicated-interface commitment pages, SCA-conformance attestation pages, transaction-risk-analysis exemption disclosures, passporting-notification records, and the change-log entries that record registration additions and removals.

The source-identification stage screens each candidate source for three properties: the source must publish the full registered counterparty identity with the authorized scope, the source must preserve change-log history with effective-date attribution, and the source must permit consumer-protection complaint submission against the disclosed counterparties. Sources that publish only category-level registration disclosure without named counterparty identity or that omit the change-log are deprioritized.

Stage 2 — extraction normalization

Each candidate disclosure is extracted from the published page and normalized into a structured record that captures the customer organization identity, the published counterparty name, the registered authorization scope (AISP, PISP, ASPSP, or hybrid), the named home-state competent authority, the registered passporting destinations, the SCA-conformance attestation date, the transaction-risk-analysis exemption status, and the effective date. PSD2 authorization mentions are extracted separately as registered-counterparty mentions and normalized into the same record format with a registration-type marker.

The extraction-normalization stage also captures the registered officer attribution, the supervisory-examination cycle date where present, and any regulator-issued identifier that the disclosure exposes (FCA Firm Reference Number, EBA register reference, BaFin BAK identifier). This metadata is required for the downstream credibility-scoring stage that distinguishes a placeholder authorization disclosure from a regulator-attested counterparty registration with named officer attestation.

Stage 3 — registration mapping

The registration-mapping stage joins the extracted records against the customer's commercial relationship database to confirm that the registering organization is a paying customer, a named customer reference, or a customer in the relationship-management pipeline. The mapping stage also scores the mention strength on three axes: the authorization-scope strength (PISP or AISP registration outranks generic counterparty disclosure), the regulator-attestation strength (FCA-registered or EBA-registered disclosure outranks unregistered disclosure), and the supervisory-exposure strength (consumer-protection-complaint-exposed disclosure outranks non-supervisory disclosure). The scored records are sorted by composite credibility and the top decile is promoted to the deployment-formatting stage.

Stage 4 — deployment formatting

Each promoted record is formatted into a deployable testimonial card that displays the customer organization's name, the customer's Open Banking Directory or PSD2 authorization source, the authorized registration scope, the effective date, and an attribution link to the public regulator-directory disclosure. The card layout follows the platform-of-origin attribution discipline documented in our testimonial card platform-of-origin attribution guide. The card is deployed alongside the marketing-elicited testimonial inventory but tagged for the Open Banking and PSD2 source so that the credibility-attribution surface separates the regulator-supervised mentions from the conventional testimonials.

Why this matters now

Fintech-infrastructure, banking-as-a-service, payment-orchestration, payment-data-aggregation, and PSD2-compliance vendors compete on credibility signals that the buyer's payments-compliance and consumer-protection organization treats as load-bearing during the vendor-evaluation cycle. A named PSD2 counterparty disclosure on a Fortune 500 customer's regulator-directory entry, an Open Banking Directory registration that lists the vendor as a registered TPP with a named authorization scope, or a regulator-supervised payment-services attestation is exactly the credibility signal the buyer's payments-compliance and consumer-protection organization treats as load-bearing, and it is one of the few credibility signals that the buyer's payments-compliance organization will search for independently during the diligence stage of the procurement cycle. The vendor that systematically extracts and deploys Open Banking and PSD2 mentions captures a credibility surface that the rest of the market has not yet learned to instrument. For the related trust-services credibility surface, see our SOC 2 extraction guide. For the related privacy-disclosure credibility surface, see our DPA extraction guide.

Ready to get started?

Start collecting and showcasing testimonials in under 5 minutes.

Start Free