# Open Banking Specifics in France
# Authentication flows and SCA
French banks primarily use redirect-based flows for Open Banking authentication. End users are redirected to their bank's authentication page, either within the browser or via app switch when the bank's app is installed on a user's mobile device. Strong Customer Authentication (SCA) is typically completed through the bank's mobile app, but dedicated security devices are also in use, aspecially for corporate users.
French users authenticate using various identifiers depending on the ASPSP, such as customer ID or email.
# Major Banks (ASPSPs)
The most widely used French ASPSPs are:
- BNP Paribas
- Crédit Agricole
- Société Générale
- La Banque Postale
- Credit Mutuel
- LCL
- Banque Populaire (BPCE Group)
- Caisse d'Épargne (BPCE Group)
Full list of banks (as per EBA) is available here (opens new window).
# Payment Specifics
All French banks support SEPA Credit Transfers (SCT) in EUR (Euro) via their open banking APIs. Support for Instant SEPA Credit Transfers (SCT Inst) varies by ASPSP and is not yet universally available via PSD2 APIs.
Some banks require the beneficiary to be added and validated in the customer's online banking before payments to a new recipient can be initiated via API.
# Specifics per ASPSP
# BNP Paribas
BNP Paribas uses its mobile banking app MesComptes for SCA, with automatic app switch supported on mobile devices. If the app is not installed, users authenticate via browser using customer number and 6-digit secret code with consequent SCA using the mobile app.
# Crédit Agricole
Crédit Agricole operates as a group of regional banks and when using open banking its customers shall choose their local bank. However, SCA is performed using the Ma Banque app working for all regional banks. Redirect flow supports app switch if the app is installed. When the app is noy install user authentication requires input of a 11-digit personal ID and 6-digit PIN.
# Société Générale
Société Générale provides different open banking APIs for its provate, SME and enterprise customers. At the Enable Banking API level this is handled through exposure of 3 different ASPSP brands: Société Générale (private customers, PSU type "personal"), Société Générale Professionnels (SME customers, PSU type "business") and Société Générale Entreprises (enterpise customers, PSU type "business"). Additionally the ASPSP brand "Société Générale Global Cash" for the users of SG Markets (opens new window) cash management service; this brand is also available on other markets where Société Générale provides the service.
All Société Générale's open banking APIs provide redirect authentication flows with SCA performed differently depending on the customer type, mainly through push notification sent to a particular mobile app, e.g., L'Appli SG available for private customers. Automatic app switch is not supported.
# La Banque Postale
La Banque Postale uses a browser-based redirect flow and users are required to input the 10-digit code used by the bank for their identification. App switch is not supported.
# Crédit Mutuel
While Crédit Mutuel operates as a group of regional banks it offers a single redirect-based flow for all regional banks, so users don't have to choose their local bank. After redirected to the bank's authentication web page users have to choose between "Login / Password", "Electronic Certificate" and "Safetrans" SCA methods. Automatic app-to-app redirection is not available.
# LCL
LCL provides redirect authentication flow. After redirection to the bank's authentication page, users have to input their LCL identification number followed by the access code. Only private and SME customers can access the open banking interface; the bank does not provide PSD2-compliant API for users of LCL Espace PRO and LCL Entreprises offerings. Automatic app-to-app redirection is not available.
# Banque Populaire
Banque Populaire operates as a group of regional banks (part of the BPCE Group) and when using open banking its customers shall choose their local bank. However, SCA in the redirect authentication flow is performed using the Banque Populaire app working for all regional banks except BRED Banque Populaire. The flow supports app switch if the app is installed. BRED Banque Popilaire authentication flow after redirect to the bank's authentication web page requires input of the BredConnect username and password.
# Caisse d'Épargne
Caisse d'Épargne operates as a group of regional banks (part of the BPCE Group) and when using open banking its customers shall choose their local bank. However, SCA in the redirect authentication flow is performed using the Banxo app working for all regional banks. Redirect flows include automatic app switch when the mobile app is present.