General Info
In Albania, the Bank of Albania has embraced the principles of PSD2 to safeguard online transactions and enhance consumer protection. The regulation "ON STRONG CUSTOMER AUTHENTICATION AND COMMON, OPEN, AND SECURE STANDARDS OF COMMUNICATION" (No. 29, dated 1.6.2022) was adopted to ensure the safe implementation of Open Banking services in the Albanian financial ecosystem. One of the key provisions of this regulation is the requirement for Strong Customer Authentication (SCA). SCA mandates the use of multi-factor authentication (MFA) to verify the identity of customers during online payments or access to their financial data. This authentication typically involves at least two of the following: something the user knows (e.g., a password), something the user has (e.g., a smartphone or hardware token), and something the user is (e.g., biometric data such as fingerprints or facial recognition). By enforcing SCA and other secure communication standards, the regulation aims to mitigate the risk of fraud and cyberattacks, providing consumers with confidence when making electronic payments or using online banking services.
Open Banking – PSD2: A New Era of Financial Services
Open Banking is a transformative financial model that allows the secure sharing of customer financial data between banks and third-party providers (TPPs). This sharing is facilitated through Application Programming Interfaces (APIs), which enable a seamless exchange of information between different financial institutions and service providers. As a result, consumers can access a wide range of innovative services, including payment initiation, account information services, and more, all through a unified platform.
The European Union's revised Payment Services Directive, PSD2, has played a pivotal role in shaping this new era of banking. PSD2 aims to make payments more secure, foster competition, and enable consumers to have greater control over their financial data. Under this directive, banks are required to provide secure and standardized APIs for authorized third-party providers to access financial data with the explicit consent of the customer.
TPP
A Third-Party Provider (TPP) refers to an authorized payment service provider (PSP) that leverages standardized Application Programming Interfaces (APIs) to access a customer’s financial account data. These providers offer a variety of services, enhancing the functionality of the financial ecosystem by facilitating smoother, more efficient transactions and account management. TPPs are regulated entities, often required to meet strict security and compliance standards to ensure the protection of customer data and transactions. The services offered by TPPs can be categorized into three main types:
Payment Initiation Service Providers (PISP): These TPPs enable customers to initiate payments directly from their bank accounts to merchants or service providers. PISPs simplify the payment process by bypassing traditional card-based payment systems, offering faster and more cost-effective methods of online payments.
Account Information Service Providers (AISP): AISPs provide customers with a consolidated view of their financial accounts across multiple institutions, accessing "read-only" data such as account balances, transaction histories, and other relevant financial information. This service allows users to manage their finances better, track spending, and get more accurate insights into their financial health.
Payment Instrument Issuing Service Providers (PIISP): These TPPs facilitate the issuance and management of payment instruments, such as digital wallets or prepaid cards. They verify a user’s ability to perform a specific transaction by checking the available funds and credit limits, thereby ensuring the transaction can be processed successfully.
Sandbox
ProCredit bank enables third-party providers (TPPs) to access customer accounts and initiate payments on their behalf, provided the customer has given explicit consent. This service is fully aligned with the PSD2 Payment Services Directive, ensuring secure and regulated interactions between financial institutions and TPPs.
Through the dedicated application interface offered by ProCredit Bank , TPPs can securely connect and explore various functionalities for testing purposes. Detailed information and testing options are available within the interface.
To proceed with the process, please use the SANDBOX link https://developerhub.procredit-group.com/apis
Regulatory Framework
In order to inform you in more details regarding OPEN BANKING regulations, we suggest to access the links below:
Albanian Association of Banks website.
