Pursuant to Act no. 281 Coll. Amending Act no. 429/2009 Coll. on payment services and transposing into the Slovak law the EU Directive on Payment Services (PSD 2) effective from 13. 1. 2018, we are publishing the following information with the view to provide access for third parties to payment accounts of payment services users (clients).
The Payment Service Directive – PSD 2 of 13. 1. 2018 known as PSD 2 is the revised PSD 1, extending and governing new payment services, primarily it makes accessible selected services to third parties (Third Party Payment Service Providers – TPP) – via three new services:
Payment Initiation Service (PIS) enables clients to enter a payment order by means of a payment initiation services provider (third party) from the client’s payment account held by the Bank, where the client grants consent to the execution of this payment order (the client authorises the payment order),
Account Information services (AISP) will enable client through a payment initiation service provider (third party) to obtain account balance and transaction history. This service is enabled after client’s consent,
Payment Instrument Issuer Service Provider (PIISP) enables the payment services provider (third party), on the basis of consent from the Client – account holder granted directly to the Bank, to obtain information from the Bank on available funds on the Client’s account.
Who are the third parties?
Third parties (Third Party Payment Service Providers – TPP) are the providers of payment services holding the relevant licence for providing of these new payment services granted by relevant national authority within the European Union.
Entities licensed to provide a payment service (account information services provider, payment initiation services provider and issuer of payment means linked to a payment card) must fulfil conditions pursuant to the PSD2 Regulation and guarantee the same data protection and security as banks.
It must be stated that access to the this client’s payment account will be made available only with the payment account holder’s consent.
What is the regulatory technical standard (RTS)?
This is Commission Delegated Regulation (EU) 2018/389 of 27. 11. 2017, which contains regulatory technical standards for strong customer authentication and common open communication standards developed by the European Banking Authority (EBA) in cooperation with the European Commission. The RTS will enter into effect 18 months following their approval by the European Parliament and following their issue in the collection of laws, meaning 14. 9. 2019.
What is an API?
An API (Application Programming Interface) is a communication interface that enables third parties to securely communicate with a bank. Through this interface the bank allows access to clients’ accounts to third parties in order to provide new payment services. Since the Act enables a payment services provider to select the technical method of how to ensure third-party access to a payment account, and this either by means of an API interface or by means of reading the user interface (screen scraping), the Bank can select one of these two methods, and thereby fulfil its statutory duty.
Access to PSD2
API access in the production environment
Access to the Reserved Interface of Slovenská sporiteľňa, a.s. (“API”) API access in the production environment
In accordance with Act No 492/2009 on payment services and amending certain acts, as amended (“Act”) and in accordance with Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (“RTS for SCA & CSC”), Slovenská sporiteľňa, a.s. (“Bank”) authorises third parties who are licensed payment service providers to access the payment accounts of payment service users who are clients of the Bank via an API. It implements access in compliance with the principles of equality and non-discrimination.
Pursuant to Article 30(3) of the RTS for SCA & CSC, the Bank publishes on its website a summary of relevant documentation including the technical specification of the API and all information necessary for third parties to have access to the payment accounts of the Bank’s clients.
Step by step
Comprehensive documentation on sandbox and production access, third-party licensed payment service provider registration, and third-party application integration is posted on the ERSTE Developer Portal: https://developers.erstegroup.com/