General
Personetics Cloud Data Connector lets banks gain a broader understanding of the user's financial behavior and deliver more personalized insights and offerings by connecting to other financial institutions. The product allows customers to grant access to their users data in other financial institutions, and by that retrieve their data, normalize it into Personetics structure, enrich and categorize the data, and eventually provide it back to the end user.
Consent Management
In open banking context, consent management can be divided into three phases.
- Consent phase - onboarding - In the onboarding phase, the interface shows the user what information is requested and for what purposes. Users should be accurately informed of the information they are about to share and time-bound permission they are providing.
- Authentication phase - After the user is informed about providing consent, it is the backend responsibility to take over and engage the user in authentication mechanisms to ensure the security of the customer’s data.
- Authorization phase - In this phase, the customer is presented with the details about the consent required on the bank-user interface and is asked to allow or deny the request from the bank to access the shown data. The response from the user is then sent to the bank backend, and the data must be recorded accordingly.
Onboarding
The user journey to receive smart insights and personalized offerings based on external data starts from the onboarding phase of the Cloud Data Connector product. The onboarding process may be initiated either from the customer's application or from another Cloud Data Connector widget if they already have a linked account.
In this phase, the goal is to onboard the user and gather all necessary information to create a consent – financial institution, information baskets and expiry date, so that a consent can be obtained and the financial data can be retrieved to the platform.
After the user has completed the onboarding process, he is redirected to the selected financial institution to complete the authentication and authorization process and to ultimately create a consent. As soon as the user accepts and enables the bank to retrieve the data from the external financial institution, a consent will be created.
Banks may decide whether to use the Consent Management widget for onboarding and consent management OR develop their own UI using the Consent Management APIs
- Create Consent - obtaining a new consent. This method creates a consent resource, which defines dedicated accounts and services for a given user ID.
- Get Consent List – Returns the list of consents for the requested user, along with the consent information.
- Revoke Consent – Delete account information for a specific consent. The expired consents will be delete using this request as well.
Data Management
The objectives of the data management component is to retrieve the data based on the consents the user provided and make the data available to any service that desires to consume it.
The data can be retrieved in two ways:
- Batch mode – batch processing is a method of running high-volume, repetitive data jobs. It is up to every customer to determine, in each financial institution, how many times a day to obtain the data for the approved consents.
- On Demand mode – the on-demand refreshUserData API retrieves data upon user request from financial institutions. This allows users to get fresh data without having to wait for the next batch to run. The server will control the spamming by a configuration file that will enable the customer to configure how many times the user can refresh the data, when from the last request, etc.
- Once the data was retrieved and stored in the Data Connector database, it is now accessible to other internal Personetics services such as Pserver getUserTransactions and getInsights API, to use in order to normalize it, enrich it, and provide it with meaningful insights to the customer.