Frequently Asked Questions
Can't find the answer for your question below? Feel free to contact us here.
What is Santander Open Banking?
To help people and businesses prosper, Santander believes in giving them: "what they need, when they need it, in the context they need it." Open Banking will thus not only be limited to traditional banking services, but instead be a platform that will contain a myriad of services that truly goes beyond banking.
What APIs will be available?
Due to regulation our PSD2 APIs will be launched first, but don't worry, our API product catalog will continue to grow and new services will soon be available for you to implement in all the new, cool and innovative solutions you are developing.
What APIs and Services are in your roadmap?
We believe that the Payment Services Directive 2 (PSD2) is an important enabler for Open Banking and that most banks will aim to offer a broader value proposition for their customers and third parties developers. We will continuously work on developing new APIs with rich functionality and our goal is to be truly open and let our partners get access to the same services that we use internally. We value your feedback and encourage everyone to contribute with your thoughts if you wish to impact our roadmap.
Payment Services Directive 2 (PSD2)
What is PSD2?
Payment Services Directive 2 (PSD2) is a European Union regulative which imposes banks to give third parties access to their customers' payment accounts. The regulation means that banks need to offer APIs so that third parties can retrieve account information, transactions and initiate payments on behalf of the customer if they have a valid constent.
When will the Norwegian PSD2 legislation come into force?
The legislation will come into force at the 14th of September in Norway.
Which PSD2 APIs will be available?
Are there any fees for TPPs for using the PSD2 API's?
No. The PSD2 APIs are free to use for authorized third parties (TPP).
Is there a sandbox available?
Santander is offering a sandbox environment for TPP's to develop and test the PSD2 applications before the application is launched in the market.
What do I need to get started?
To get access to our PSD2 APIs you need to contact us at firstname.lastname@example.org.
We are currently working on a self-service onboarding process. More information will be provided as soon as we have something ready.
What is SCA?
Strong Customer Authentication (SCA) is a way to ensure security in the payments space. SCA is a necessity for the TPPs to retrieve account information and initiate payments on behalf of the customer. SCA consists of a combination of at least two out of three elements which can be classified as knowledge, ownership and inherence. Knowledge is something the user knows and could be a password or pin. Ownership is somehing the user possesses and could be a mobile device, token or similar. Inherence is something the user is, in other words biometrics of the form of fingerprint, face- or voice recognition. In Norway "BankID" and "BankID on mobile" are used for SCA.
What is an AISP?
Account Information Service Providers are the banks or third party services that access consumers' bank accounts and retrieve financial details. For the consumers these services can aggregate data from multiple accounts in multiple banks and provide a financial overview within a single application.
What is a PISP?
Payment Initiaition Service Providers are the banks or third party services that can initiate payments on behalf of a consumer. This will offer flexibility for the consumers and enable payments outside the traditional online bank delivered directly by the banks.
What is a TPP?
Third Party Providers is a common way to describe the new players that will emerge from PSD2. The TPPs are the consumers of the APIs delivered by banks - in this context the AISP's and PISP's.
What version(s) of the Berlin Group NextGenPSD2 specification do you support?
This is subject to change and for the most recent information we recommend to look at the API documentation.
Can I use the same APIs across the Nordics?
Currently there are different endpoints for the different countries in the Nordics, which will entail three separate integrations and onboarding processes between the countries. However, all API's are based on the Berlin Group NextGen PSD2 standard.
What is my consumer rights under PSD2?
The European Banking Association (EBA) has published a leaflet which explains the rights for you as a consumer under PSD2. This is called "EU Commission leaflet on consumer rights under PSD2" and can be found in detail by following the attached link, provided by the Norwegian FSA (Finanstilsynet).
Account Information Service (AIS)
What is Account Information Service?
Which products are supported in Account Information Service?
PSD2 only require that the banks or Account Servicing Payment Service Providers (ASPSP), give third parties (AISPs) access to payment accounts. In reality this limits the possible service-offering for the TPPs and Santander believes that in order to truly deliver on "Open Banking" and provide true value for customers, banks should strive to open up more than required and deliver services beyond PSD2 compliance. Santander will continuously review and extend the service offering as the Open Banking platform matures and we receive feedback from both partners and customers on our roadmap.
Payment Initiation Service (PIS)
What is Payment Initiation Service?
Payment Initation Service is the service delivered by the financial institutions to initiate a payment through a TPP registered as an PISP.
Will the new rules also apply to international payments?
Banks are obliged to offer all types of payments that are offered on their payments accounts in the online banks. Santander currently do not support international payments, but domestic payments will be available with our Payment Initiation Service.
Will all payments have to apply strong customer authentication? Are exemptions possible?
Even though the PSD2 allow exemptions for "frictionless flow" we will follow the advice given from The Financial Supervisory Authority (Finanstilsynet) and require SCA for every payment initiation. This desicion is to ensure security until the regulation has been fully implemented and fraud levels are proven to be at an acceptable level.