Open Banking Specifics in Finland
# Authentication flows and SCA
Finnish banks rely exclusively on redirect flows. On both mobile devices and PC end-users are redirected to the banks' web login where they enter their credentials and possibly choose an SCA method. All incumbent Finnish banks use 8-digit user IDs, which most users remember by heart as authentication using bank credentials is very wide-spread and has a long history of being in use. Each banks offers its own mobile apps for SCA (e.g., Nordea ID, Danske ID, Aktia ID) or embeds SCA functionality into their mobile banking apps (e.g., OP's OP-mobile app, and S-mobiili app of S-Pankki). Automatic app-switch on mobile devices where auth app is installed is not common.
# Major Banks (ASPSPs)
The most widely used Finnish ASPSPs are:
A full list of Finnish banks (as per EBA) is available here (opens new window).
# Payment Specifics
All Finnish banks support SEPA Credit Transfers (SCT) in EUR (Euro), the local currency, via their open banking APIs. Currently, Finnish banks' PSD2 APIs do not allow explicitly initiating Instant SEPA Credit Transfers (SCT Inst); however, OP and Danske Bank will process most eligible payments as Instant SEPA Credit Transfers automatically.
In addition to the ISO 11649 creditor reference (opens new window), the Finnish domestic reference number scheme is widely used.
Several banks — including Säästöpankki, Oma Säästöpankki, and POP Pankki — require end users to enable international payments (on a per-country basis) before SEPA credit transfers to non-Finnish IBANs can be confirmed via their open banking APIs.
# Specifics per ASPSP
Below are some notable specifics for the banks operating in Finland.
# Aktia
Until 25th of June 2025, Open Banking interface provided by Aktia used the decoupled flow and required end-users to authenticate using legacy code cards and autorise payments using combination of the code card and SMS OTP. The new Open Banking interface using the redirect flow allows SCA via the Aktia ID app or the legacy code cards. Enable Banking has migrated its integration to the new API.
# Danske Bank
Danske Bank uses the Danske ID app for authentication. When the Open Banking flow is initiated on a device with Danske's Mobiilipankki app installed, the redirect will automatically switch to the app to complete SCA via biometric or PIN approval.
Users without the app are directed to the browser, where they are asked to input their user ID and password, after which a push notification is sent for authentication with Danske ID.
Guides for end users on authorisation and actions, which might be required to enable access to open banking are available here (opens new window).
# Nordea
Nordea uses the Nordea ID app for SCA. When redirecting users for authentication, there is no automatic app switch from the browser to the app. Instead, users must enter their 8-digit user ID, after which they are prompted to open the Nordea ID app to approve the action.
For the business users Nordea provides multiple account types managed through different systems. Open banking APIs differ for this systems and correspondingly when using Enable Banking API end-users have to choose different "brands" depending on the system they use. Available the options are:
- Nordea (for the users of Nordea Business (opens new window), which is used mostly by SME customers),
- Nordea Corporate (for the users of Nordea Corporate Netbank (opens new window), which is mainly used by larger companies),
- Norde First Card (for the users of Nordea First Card (opens new window) providing payment cards for businesses).
When initiating a payment without explicitly specifying a debtor account in the request, Nordea requires double SCA: the first authentication is used to fetch the list of accounts, and the second is used to authorise the selected payment.
Guides for end users on authorisation and actions, which might be required to enable access to open banking are available here:
# OP
OP uses the OP-mobile and OP Yritysmobiili apps for retail and corporate customers, respectively. When accessed from a mobile device with the app installed, the Open Banking redirect flow automatically switches to the OP's app for SCA via Mobile Key (Mobiiliavain) functionality of the app.
On devices without the app, users are shown a browser-based authentication screen, where they can choose between Mobile Key (the default option) and a printed code list. In both cases, users are required to enter their 8-digit user ID. If the printed code list is used, users must also enter their passcode, and a code index will be sent to them via SMS for completion.
Guides for end users on authorisation and actions, which might be required to enable access to open banking are available here (opens new window).
# S‑Pankki
S‑Pankki uses the S‑mobiili app for authentication. When Open Banking is initiated on a mobile device, the redirect flow automatically switches to the app. However, users are still required to manually enter their 8-digit user ID within the S-mobiili app before they can approve the request via PIN or biometrics. If the app is not installed, users fall back to a web-based flow where QR code for scanning with the S‑mobiili app will be presented.
Guides for end users on authorisation and actions, which might be required to enable access to open banking are available here (opens new window).
# Säästöpankki
Säästöpankki uses the Säästöpankki Tunnistus app for Strong Customer Authentication. There is no automatic app switch during the Open Banking flow. Users are first redirected to the authentication web page, where they must input their 8-digit user ID, after which they are prompted to manually open the Tunnistus app to complete the authentication.
Säästöpankki requires customers to enable international payments (on a per-country basis) before SEPA credit transfers to non-Finnish IBANs can be confirmed via their open banking APIs.
Guides for end users on authorisation and actions, which might be required to enable access to open banking are available here (opens new window).