Pursuant to Act no. 281 Coll. Amending Act no. 492/2009 Coll. on payment services and transposing into the Slovak law the EU Directive on Payment Services (PSD 2) effective from 13. 1. 2018, we are publishing the following information with the view to provide access for third parties to payment accounts of payment services users (clients).
The Payment Service Directive – PSD 2 of 13. 1. 2018 known as PSD 2 is the revised PSD 1, extending and governing new payment services, primarily it makes accessible selected services to third parties (Third Party Payment Service Providers – TPP) – via three new services:
Payment Initiation Service (PIS) enables clients to enter a payment order by means of a payment initiation services provider (third party) from the client’s payment account held by the Bank, where the client grants consent to the execution of this payment order (the client authorises the payment order),
Account Information services (AISP) will enable client through a payment initiation service provider (third party) to obtain account balance and transaction history. This service is enabled after client’s consent,
Payment Instrument Issuer Service Provider (PIISP) enables the payment services provider (third party), on the basis of consent from the Client – account holder granted directly to the Bank, to obtain information from the Bank on available funds on the Client’s account.
Who are the third parties?
Third parties (Third Party Payment Service Providers – TPP) are the providers of payment services holding the relevant licence for providing of these new payment services granted by relevant national authority within the European Union.
Entities licensed to provide a payment service (account information services provider, payment initiation services provider and issuer of payment means linked to a payment card) must fulfil conditions pursuant to the PSD2 Regulation and guarantee the same data protection and security as banks.
It must be stated that access to the this client’s payment account will be made available only with the payment account holder’s consent.
What is the regulatory technical standard (RTS)?
This is Commission Delegated Regulation (EU) 2018/389 of 27. 11. 2017, which contains regulatory technical standards for strong customer authentication and common open communication standards developed by the European Banking Authority (EBA) in cooperation with the European Commission. The RTS will enter into effect 18 months following their approval by the European Parliament and following their issue in the collection of laws, meaning 14. 9. 2019.
What is an API?
An API (Application Programming Interface) is a communication interface that enables third parties to securely communicate with a bank. Through this interface the bank allows access to clients’ accounts to third parties in order to provide new payment services. Since the Act enables a payment services provider to select the technical method of how to ensure third-party access to a payment account, and this either by means of an API interface or by means of reading the user interface (screen scraping), the Bank can select one of these two methods, and thereby fulfil its statutory duty.
Access to the Dedicated Interface of Slovenská sporiteľňa, a.s. (“API”)
In accordance with Act No 492/2009 on payment services and amending certain acts, as amended (“Act”) and in accordance with Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (“RTS for SCA & CSC”), Slovenská sporiteľňa, a.s. (“Bank”) authorises third parties who are licensed payment service providers to access the payment accounts of payment service users who are clients of the Bank via an API. It implements access in compliance with the principles of equality and non-discrimination.
Pursuant to Article 30(3) of the RTS for SCA & CSC, the Bank publishes on its website a summary of relevant documentation including the technical specification of the API and all information necessary for third parties to have access to the payment accounts of the Bank’s clients
Step by step
Access to the dedicated interface API
Comprehensive documentation and access to the dedicated interface API, third-party licensed payment service provider registration, and third-party application integration is posted on the ERSTE Developer Portal: https://developers.erstegroup.com
Use the contact form also if you want to report an error or have issues using the dedicated API interface. We kindly ask you to provide us with information that will help us identify the problem more quickly:
Information on your organization and application from which the call is made. Information can be found at Erste Developer portal:
Organization ID (menu Organization – Organization Settings – Organization ID),
Application ID (menu Organization – Applications – ID).
whole HTTP request/response (in case you don’t have it, specify the service you are having issues with, date and time of calling the service and consent ID and access token used),
contact data of a person in your organization whom we can contact if needed.
Pursuant to Article 32 paragraph 4 of Regulatory technical standards the provider of payments services administering an account shall monitor the availability and performance of dedicated interface and as a result, the Bank shall publish on its web page statistics on availability and performance of dedicated interface and interface used by the Bank’s payment services users.