The core problem of the PSD2 is that consumers do not have the option of filtering payments. This is why we have set up a PSD2-me-nots register, which allows certain account numbers to be filtered. We have built an API around this.
In order to filter, we have set up a PSD2-me-not filter. This consists of a list of account numbers from which special personal data can be derived. This filter is 'wrapped' in a API . When an AISP pulls in data from a bank, it does so via an API. Our API can be added to this. With our API we show how the detection and filtering works and allow AISP's to use the solution off the shelf.
To package the registry and the API visually, we collaborate with the Gatekeeper for Open Banking. Our filter has been incorporated into their service. And that's good news, because Gatekeeper is being developed to become an intermediary between banks, AISPs and service providers, using technologies like blockchain, zero-knowledge proofs and tools for detecting and filtering special personal data. FwdPay and Privacy First are working together to develop the Privacy Filter in such a way that it can be easily used by AISPs.
Gatekeeper for Open banking
We post some screenshots to bring these solutions to life. Initially, a customer opens GateKeeper as an app provided by an AISP. A user sees that they can start filtering data, including through the privacy filter.
Next, the client selects options for limiting the amount of detail and data shared. He can set his preferences from sharing all to a very limited amount of data depending on his preferences. The GateKeeper offers filtering options for debit/credit, history, times for sharing (one-time to recurring) and can drill down. And of course, filtering privacy-sensitive data.
The Gatekeeper will use the Privacy Filter to detect the special categories of personal data. The screenshot below shows the detected transactions. At this point, a person must be informed of the processing and give consent. At this point, a person has the option to filter or share the data.
A closer look at the API
An API is a piece of code created by two volunteers, Wessel and Rens. The API is a Python Web Application that, after a request, filters a local input JSON file of the PSD2 format based on the CSV file (the PSD2-me-non-register). Sounds complicated, but is very simple.
The privacy filter, the API, cannot stand alone. Parties can place the API in different places. For example, just before data is received by an AISP. An AISP then prevents the data from being processed. In this case a person will set up a filter via Gatekeeper, which is sent along with the request. Alternatively the data may be received by an AISP, but Gatekeeper ensures that no more data than the consumer wants is shared. In this case the data is filtered before it is shared any further.
In a component diagram, this looks like this:
In a sequence diagram, this looks like this:
In the article in which we look back and ahead we conclude that we have delivered a whitepaper with the ideas and a working API. The API is now part of Gatekeeper and we will continue to develop it from there.