PSD2 API Banking


PSD2 (Payment Service Directive) is the revised PSD1,
extending and governing new payment services

  • PSD2 effective from 13. 1. 2018
  • it makes accessible selected services to third parties

PSD2 API Banking

PSD2 (Payment Service Directive) is the revised PSD1, extending and governing new payment services

  • PSD2 effective from 13. 1. 2018
  • it makes accessible selected services to third parties

What is PSD2?

Pursuant to Act no. 281 Coll. Amending Act no. 429/2009 Coll. on payment services and transposing into the Slovak law the EU Directive on Payment Services (PSD 2) effective from 13. 1. 2018, we are publishing the following information with the view to provide access for third parties to payment accounts of payment services users (clients).

The Payment Service Directive – PSD 2 of 13. 1. 2018 known as PSD 2 is the revised PSD 1, extending and governing new payment services, primarily it makes accessible selected services to third parties (Third Party Payment Service Providers – TPP) – via three new services:

  • Payment Initiation Service (PIS) enables clients to enter a payment order by means of a payment initiation services provider (third party) from the client’s payment account held by the Bank, where the client grants consent to the execution of this payment order (the client authorises the payment order),
  • Account Information services (AISP) will enable client through a payment initiation service provider (third party) to obtain account balance and transaction history. This service is enabled after client’s consent,
  • Payment Instrument Issuer Service Provider (PIISP) enables the payment services provider (third party), on the basis of consent from the Client – account holder granted directly to the Bank, to obtain information from the Bank on available funds on the Client’s account.

Who are the third parties?

Third parties (Third Party Payment Service Providers – TPP) are the providers of payment services holding the relevant licence for providing of these new payment services granted by relevant national authority within the European Union.

Entities licensed to provide a payment service (account information services provider, payment initiation services provider and issuer of payment means linked to a payment card) must fulfil conditions pursuant to the PSD2 Regulation and guarantee the same data protection and security as banks.

It must be stated that access to the this client’s payment account will be made available only with the payment account holder’s consent.

What is the regulatory technical standard (RTS)?

This is Commission Delegated Regulation (EU) 2018/389 of 27. 11. 2017, which contains regulatory technical standards for strong customer authentication and common open communication standards developed by the European Banking Authority (EBA) in cooperation with the European Commission. The RTS will enter into effect 18 months following their approval by the European Parliament and following their issue in the collection of laws, meaning 14. 9. 2019.

What is an API?

An API (Application Programming Interface) is a communication interface that enables third parties to securely communicate with a bank. Through this interface the bank allows access to clients’ accounts to third parties in order to provide new payment services. Since the Act enables a payment services provider to select the technical method of how to ensure third-party access to a payment account, and this either by means of an API interface or by means of reading the user interface (screen scraping), the Bank can select one of these two methods, and thereby fulfil its statutory duty.

Access to PSD2

Access for payment initiation service providers on the Bank’s API interface

Pursuant to amending act on payment services SLSP shall enable licensed entities (third party) to access the Bank’s clients’ payment accounts via the API. This access is based on the principle of equality and non-discrimination. Gaining access to payment accounts is possible following the issuance of a communication key. This communication key is issued by the Bank as a security element to the API.

PSD transitional period and validity of issued communication key will be terminated 13. 9. 2019.

Procedure for issuing the communication key:

1

Licensed subject (applicant) applying for access to the Bank’s API interface fills out an application form for issuance of the communication key. Correct type of application should be selected according to the form of representation. The applicant scans the signed application form and attachments and sends to the e-mail address: firemne.pasiva@slsp.sk and originals of application and attachments to the correspondence address: Slovenská sporiteľňa, a.s, oddelenie Firemné pasíva, Tomášikova 48, 832 37 Bratislava.

2

The Bank examines the completeness of data mentioned in application and their harmony with attachments and data from external relevant sources. The Bank will issue the communication key within 30 calendar days of receiving a proper and complete application.

3

In the case of the data being incomplete, the Bank is entitled to request the applicant that it be supplemented, or that an explanation be submitted, and which is to be provided by the applicant within 5 working days.

4

The Bank after receiving the complete application shall also verify that the applicant is in a register set up by the relevant national authority for the purpose of registration of payment service providers under Act No. 281/2017 Z.z. The communication key will be sent to the applicant only if the applicant is in this register.

5

The communication key shall be sent to the e-mail address stated in the application and will be ZIP password protected. ZIP password will be set by bank.

6

ZIP password set by bank will be sent by SMS to the telephone number mentioned in application.

Choose the form of representation and download an application form:

Publication of the test environment pursuant to the regulatory technical standards (RTS)

Pursuant to the Payment Services Act, Slovenská sporiteľňa, a.s. shall allow parties – licensed entities access to payment accounts of the Bank’s clients via the API. This access is based on the principle of equality and non-discrimination.

Pursuant to Article 30(3) and (5) of Commission Delegated Regulation (EU) 2018/389 of 27. 11. 2017, which includes regulatory technical standards for strong customer authentication and common open communication standards, we publish a summary of the documentation containing the API technical specification and all the information needed to test the interface to allow third party access to payment service users’ payment accounts.

Step by step

1

Access to the test environment

Complete documentation for testing of API access, as well as connection requirements are published posted on the ERSTE Developer Portal: https://developers.erstegroup.com/

Directly in the portal you will find:

  • Registration for the EAH developer portal 
  • API Documentation
  • User guide 
  • Definitions of the AISP, GIS and PIISP services 
  • Support, FAQs
2

Standardized API documentation

You can download the standardized API documentation (swagger) here:

3

Contact

If you have any questions, comments or problems with testing, please contact us at the email address: openbanking@slsp.sk