Home · Solutions · Open Banking & PSD2/ÖHVPS
Financial data and payments are moving to open APIs. PSD2 in Europe and ÖHVPS in Türkiye define how. Compliance means more than passing an audit. It means building the right architecture from the start.
The foundation
Open Banking shifts financial services from closed, proprietary systems to a regulated, API-driven ecosystem. Banks open their data and payment capabilities to licensed third parties, with the customer's explicit consent, creating a new layer of financial infrastructure that fintechs, retailers, and platforms can build on top of.
Banking services (balances, transactions, payment initiation) accessible through standardized APIs from one integration point.
Customers can view and manage accounts across multiple banks in a single interface. Balances, transactions, and limits, all in one view.
OAuth 2.0 and strong customer authentication applied consistently. Access is always scoped, time-limited, and revocable by the customer.
Licensed third parties can offer better experiences: financial dashboards, alternative lending, instant payments, without needing a banking license.
Payment initiation directly from any connected account, without card rails or intermediaries. Faster, cheaper, and traceable.
Banks compete on service quality, not data monopoly. Customers can move their financial life to wherever they get the best value.
European regulation
In force since 2018 across the EU and EEA, PSD2 mandates that banks provide a secure API interface (XS2A) to licensed third-party payment service providers. The directive defines three categories of service, each with specific access rights and technical obligations.
Operated by AISPs. Read-only access to account data (balances, transaction history, account details) with customer consent.
Operated by PISPs. Initiate payment orders from the customer's bank account: SEPA credit transfers, one-time and recurring payments.
Used by PIISPs. Confirms whether sufficient funds are available in the customer's account, without accessing full account data.
API categories
Technical standards
Third-party obligations
Turkish regulation
ÖHVPS (Ödeme Hizmetleri Veri Paylaşım Servisleri) is the national open banking framework established under the regulation of the Central Bank of the Republic of Türkiye (TCMB). It defines how payment service providers and licensed third parties securely share financial data and initiate payments through standardized APIs, within a centralized national infrastructure.
The licensed third-party provider in ÖHVPS, equivalent to TPP in PSD2. YÖS entities access customer accounts, initiate payments, and retrieve account information, always with explicit customer consent.
The account-holding institution, equivalent to ASPSP in PSD2. HHS entities (banks and payment institutions) must expose compliant ÖHVPS APIs and support the consent and authentication flows required by the framework.
Centralized architecture
Unlike PSD2's decentralized model, ÖHVPS routes all interactions through a central infrastructure operated by BKM (Bankalararası Kart Merkezi). This ensures standardization across all participants and simplifies integration for third parties.
What's next
The European Commission is actively working on PSD3. While the full text is still being finalized, the direction is already clear from public consultations and draft proposals, pointing toward a more rigorous, more consistent, and broader-scoped framework than PSD2.
Clearer liability rules for unauthorized transactions, closing the gaps that PSD2 left open across member states.
PSD2 was interpreted differently across EU countries. PSD3 aims to close those gaps with more prescriptive technical requirements.
Beyond payment accounts: pensions, insurance, investments. The open banking model is expanding to the full financial picture.
Better exemption frameworks and more user-friendly authentication, reducing friction without reducing security.