Open Banking Specifics in Germany
# Authentication flows and SCA
German banks predominantly use redirect-based flows for PSD2 Open Banking authentication. A notable exception is Volksbanken Raiffeisenbanken (the German Cooperative Financial Group), which only offers decoupled and so-called embedded flows.
Strong Customer Authentication (SCA) is typically performed using mobile banking apps, photoTAN, pushTAN, or chipTAN methods. The method varies per bank and per user profile, especially between retail and corporate customers.
Identification during login generally involves entering a user number or login name, often followed by a PIN.
# Major Banks (ASPSPs)
The most widely used German ASPSPs include:
- Deutsche Bank
- Commerzbank
- Postbank (part of Deutsche Bank)
- HypoVereinsbank (UniCredit banking group)
- DKB (Deutsche Kreditbank)
- ING
- Volksbanken Raiffeisenbanken
- Sparkasse
A full list of German banks (as per EBA) is available here.
# Payment Specifics
All German ASPSPs support SEPA Credit Transfers (SCT) in EUR (Euro) through their open banking APIs. Instant SEPA Credit Transfers (SCT Inst) are supported by some banks, particularly larger ones like Deutsche Bank, Commerzbank, and DKB, but are not yet universally supported across all German ASPSPs.
Due to so-called batch processing, many German banks do not provide final statuses such as ACSC, ACCC, or RJCT for initiated payments. The last available status depends on the bank and the type of payment being initiated; often, the last available status is ACCP.
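One way a client can cope with the missing final status described above, as an added example (not code from this page or from any bank's API): it reports settlement only on ACSC or ACCC, and flags a payment whose status stays at ACCP instead of polling forever. The function name `classify_payment`, the one-hour stall window, the RCVD entry and the sample history are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

SETTLED = {"ACSC", "ACCC"}   # final: settlement completed
REJECTED = {"RJCT"}          # final: rejected


def classify_payment(history, now, stall_after=timedelta(hours=1)):
    """Classify a payment from its polled (timestamp, status) history.

    Returns 'settled', 'rejected', 'accepted_unconfirmed' or 'pending'.
    stall_after is an assumed tuning value, not a figure from any bank.
    """
    if not history:
        return "pending"
    ordered = sorted(history, key=lambda entry: entry[0])
    statuses = [status.strip().upper() for _, status in ordered]

    # A final status anywhere in the history wins, even if a later poll
    # returned an older value. Rejection is checked first (safe default).
    if REJECTED & set(statuses):
        return "rejected"
    if SETTLED & set(statuses):
        return "settled"

    # Find when the current (last) status was first seen without a break.
    first_seen = ordered[-1][0]
    for (ts, _), status in zip(reversed(ordered), reversed(statuses)):
        if status != statuses[-1]:
            break
        first_seen = ts

    # ACCP that never moves on: stop polling, but do not report settlement.
    if statuses[-1] == "ACCP" and now - first_seen >= stall_after:
        return "accepted_unconfirmed"
    return "pending"


# Constructed sample history for illustration.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    (T0, "RCVD"),
    (T0 + timedelta(minutes=5), "ACCP"),
    (T0 + timedelta(minutes=30), "ACCP"),
]

if __name__ == "__main__":
    print(classify_payment(SAMPLE, T0 + timedelta(minutes=40)))
    print(classify_payment(SAMPLE, T0 + timedelta(hours=2)))
```

The `accepted_unconfirmed` result means the bank is not expected to report anything further; it is not evidence that the payment has settled.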
# Specifics per ASPSP
# Deutsche Bank
Deutsche Bank uses the redirect authentication flow. However, before the redirect can take place, the user's identification must be provided. The so-called FKDN (3-digit branch number and 7-digit customer number) is used for user identification. After the redirect to the bank's authentication page, the user is required to enter the sub-account number and the PIN. Multiple SCA methods are available depending on the user's setup, including the Deutsche Bank photoTAN app and a TAN generator.
# Commerzbank
Commerzbank supports a redirect-based flow. Upon redirect to the bank's authentication page, users are required to enter their online banking credentials: the 8-digit banking ID (Teilnehmernummer) or its alias (Benutzername) and the PIN. Once authenticated, users are prompted to confirm access to account information or the payment using a TAN provided through the Commerzbank photoTAN app.
Corporate and retail users access Open Banking through the same interface.
# Postbank
Postbank (part of Deutsche Bank) uses the redirect authentication flow. Before the redirect can take place, the user's Postbank ID must be provided. The primary SCA method is Postbank's BestSign mobile app.
# HypoVereinsbank
HypoVereinsbank (UniCredit group) provides an Open Banking API with the redirect authentication flow. After the redirect to the authentication web page, users have to enter their direct banking number and PIN. SCA is performed using the HVB Banking mobile app.
# DKB
When using the open banking interface, DKB (Deutsche Kreditbank) users can choose between SCA with the DKB mobile app (redirect-based flow with automatic app switch when the DKB mobile app is installed) and Chip TAN (decoupled flow). In both options, the username and password must be provided before authentication can be started.
# ING
ING Germany supports the Open Banking interface with the redirect authentication flow. The app switch to the ING Deutschland app is performed automatically when the app is installed on the device from which the open banking authentication flow is triggered.
# Volksbanken Raiffeisenbanken
Because Volksbanken Raiffeisenbanken is a network of many regional cooperative banks, users must select their local bank when initiating Open Banking authentication. SCA can be performed using the VR SecureGo plus app, SmartTAN, SmartTAN Photo and Mobile TAN methods (depending on the user's settings). All SCA methods require providing the VR NetKey (user ID) and PIN. App switch is supported when the SecureGo app is present.
Support for Instant SEPA payments varies by individual bank within the network.
# Sparkasse
Sparkasse is a group of a large number of regional banks. In Open Banking, users must select their specific Sparkasse. After the redirect to the bank's authentication web page, users must enter the Anmeldename (login name) and Online-Banking-PIN. SCA is typically performed using the S-pushTAN app or a chipTAN device. Mobile users with the S-pushTAN app installed benefit from an automatic app switch during authentication.
SCT Inst support varies by regional bank.