We have prepared a short tutorial about Open Banking.
BUSINESS PARTNERS AND TPP
Do you have questions? Send us a message
We have prepared a short tutorial about Open Banking.
The PSD2 (Payment Services Directive 2) enforced on 13 January 2018 affects the payment market. It imposes an obligation on banks and other payment providers to enable third party providers (TPP) initiate payment from bank accounts upon request of a customer and provide the appropriate historic data to them via the Application Programming Interface (API). The directive makes the bank market in the entire European Union available to new possibilities provided by open banking. PSD2 plays a role of a catalyst of common, profound digitisation of the key daily payment services in this regard.
Open banking is based on Application Programming Interface Technology to create new services and products, using data or certain features obtained from other providers. It creates a path for new products and services that can help customers as well as SMEs in obtaining a better offer in the financial industry. Its aim is also to ensure better understanding of their finance and to help find new methods for using one’s money in the best way possible. Open banking means bigger attractiveness of offers on the financial market from providers regulated by the Polish Financial Supervision Authority and its equivalents in Europe.
PolishAPI is a response of the Polish payment sector (banks and non-bank entities) to the need for reinforcing financial innovations in Poland in a non-discriminating and sustainable way. It defines the interface for the purpose of services provided by third parties based on access to payment accounts. API provided by PKO Bank Polski is based on the PolishAPI standard.
Text source: https://polishapi.org
New services implemented by the PSD2 directive can be provided by payment service providers or EU payment service providers if such providers hold a certificate for providing payment initiation services (PIS) and account information services (AIS). In the case of a service of confirming availability of funds on payment account (CAF), a provider issuing payment instruments based on payment card will be authorised to provide such a service, on condition of meeting requirements specified in the act on payment services.
To become a TPP, you should obtain the status of a payment service provider and a permit for providing payment initiation services or account information services from the appropriate supervision authority, including from the Polish Financial Supervision Authority. In the case of payment service providers from other EU countries, they can provide PIS and AIS on condition of obtaining an appropriate permit of the local authority for providing such services and to benefit from the formula permitted by the PSD2 directive, i.e. performing its activity through a branch within the scope of trans-border activity or through an agent.
In the case of a service of confirming availability of funds on payment account (CAF), providers issuing payment instruments based on payment card will be authorised to provide such a service.
If you are interested in direct cooperation and development of new dedicated services based on using API with PKO Bank Polski, contact us at email@example.com
Fill out the submission form on the homepage at and developers.pkobp.pl then wait for verification from PKO Bank Polski.
We are doing our best to improve our service continuously so we will be grateful for any feedback regarding errors, sent to zgłoszenia.firstname.lastname@example.org along with a problem description. We will respond as soon as possible.
We plan to develop and improve our Portal and API Services on an on-going basis but we are available in the case of any change suggestions that aim at improving your experience and your customer’s experience. In such a case, you are encouraged to send a message to email@example.com
So called Application Programming Interfaces (APIs) are a method of accessing functions of web applications, remotely, via a set of well-defined messages exchanged between the application and its client application. The PSD2 European directive selected APIs as preferred way of accessing functions of electronic banking by companies other than banks, so called Third Party Providers (TPPs).
OAuth 2.0 is an authorization protocol, used for delegating access to protected resources, such as web applications and APIs, in the way preventing the side requesting access from getting knowledge of the security credentials of the resource owner – using so called redirection.
According to PSD2, new types of entities appeared on the payment service market. Besides banks, payment institutions, post operators, there are also providers defined as Third Party Providers (TPP), which can use the possibility of offering new services based on PSD2, executive acts (including Regulative Technical Standards) and acts of the local law. New service categories are as follows:
Account Information Service (AIS) – a service of access to information about an account, defined in Article 3(6) of the act on payment services (e.g. aggregated information about status of bank accounts, providing easy online access for customers, into their financial condition)
Payment Initiation Service (PIS) – a service of initiating a payment transaction, defined in Article 3(5) of the act on payment services (e.g. initiation of a payment using a customer’s bank account on their behalf).
Confirmation of the Availability of Funds (CAF) – a service of confirming a certain amount availability on a payer’ s account, required to complete a payment transition, defined in Article 49(a)(1) of the act on payment service
Do you have questions? Send us a message
Protection of users’ privacy is of primary importance for PKO Bank PolskiS.A.
The Bank exercises any efforts to protect the data of its’ customers.
Use and collection of information about Internet users of the Bank’s websites is limited to the necessary minimum, required for the provision of top-level services by the Bank.
Below, please find information pertaining to collection of data and the principles of processing and using such data. Use and collection of information about Internet users of websites is limited to the necessary minimum, required for the provision of top-level services by the Bank.
[What is the purpose of data processing?]
In the case of direct marketing, we can send our clients offers of products and services offered by the Bank adjusted to their needs and interests in a mode for which the client previously agreed. The client may always resign from receiving personalised offers and trade information and profiling.
[Which data are collected?]
The Bank collects personal data of users of the Bank's website who may be the current or potential clients. The collected data refer to the activity of users.
Personal data include information which PKO Bank Polski S.A. may use to identify a client. The Bank does not collect data pertaining to the identity of a person, political or religious beliefs, data about health or ethnic origin.
[Links to websites other than www.pkobp.pl]
The Bank is not liable for principles of privacy protection applied by owners of other websites than pkobp.pl, the links to which are posted on the Bank's website. The users are asked to read the content of declarations on privacy protection presented on partner websites.
The list of advertising agencies and other entities involved in analytics of websites with which the Bank cooperates are located on the Bank's website at the following address: https://www.pkobp.pl/podmioty/.
Some websites make use of Floodlight technology, which creates collective statistics about the use of a website. Floodlight may recognize certain information on the user’s computer, such as the number of cookies, time and date of the website visit and description of the website where Floodlight was implemented.
[Advertising agencies and other entities involved in website analysis]
During visits on website, cookies or Floodlight files are saved on the end device of the user which were commissioned by the Bank from advertising agencies and other entities handling website analytics. This allows the Bank to collect statistics as part of websites or measure the user’s reaction to the Bank's advertisements and presentation of the Bank’s advertisements in line with the user’s preferences.
We will inform you about such changes on the Bank’s websites (https://www.pkobp.pl/polityka-prywatnosci/)
[End of Microsoft support for Windows XP: make sure you use your Internet account safely]
In line with the information presented on Microsoft websites, after cessation of technical assistance on 8 April 2014, Windows XP will continue to operate, yet computers may be exposed to malicious software and attacks of cyber-criminals in a greater degree -Learn more
In spite of using most recent versions of anti-virus software and Firewall, computers with the XP Windows operating system may be greatly susceptible to such attacks. Such attacks may result in theft of access data (log-ins and passwords) to transaction websites or, e.g. taking over control over the computer.
Only regularly updated software and the manufacturer’s support for the operating system offers greater safety. Therefore, PKO Bank Polski recommends that its users of Internet banking use operating systems covered by full technical support by their manufacturers and update the system software to new versions of Windows or change for another system which can be regularly updated. More information is available on the website of Microsoft, the manufacturer of Windows XP.
[PERSONAL DATA CONTROLLER]
The personal data controller is Powszechna Kasa Oszczędności Bank Polski S.A. with its registered office in Warsaw, address: ul. Puławska 15, 02-515 Warsaw, entered in the District Court for the Capital City of Warsaw in Warsaw in Warsaw, 13thCommercial Division of the National Court Register, under entry No. KRS 0000026438, VAT Reg. No. (NIP): 525-000-77-38, State Statistical No. (REGON): 016298263; share capital (paid-up) PLN 1,250,000,000, hot line: +48 800 302 302.
[Data Protection Officer]
A Data Protection Officer was appointed in PKO Bank Polski S.A., address: Data Protection Officer, address, ul. Puławska 15, 02-515 Warsaw, e-mail address: firstname.lastname@example.org. Data pertaining to the Data Protection Officer are available on the Bank's website in the “GDRP” tab (https://www.pkobp.pl/rodo/).
Detailed information pertaining to the processing of personal data by PKO Bank Polski S.A. is available on the Bank’s website in the “GDRP” tab (https://www.pkobp.pl/rodo/).