Open Banking Specifics in Croatia

# Authentication flows and SCA

Croatian ASPSPs follow the redirect‑based authorisation model mandated by PSD2.

• When the consent or payment initiation is started on a mobile device that already has the bank's app installed, users are automatically bounced to the app to approve the request.
• On desktop (or if a mobile device the bank's app is not installed), customers are shown the bank's web login page and typically approve with an OTP generated by the same mobile app (or, for legacy users, a hardware token).

This pattern is identical across the large retail banks and is specified in the Croatian Banking Association's national implementation of the Berlin Group NextGenPSD2 profile.

# Major Banks (ASPSPs)

• Zagrebačka banka
• Privredna banka Zagreb (PBZ)
• Erste Bank
• OTP banka
• Raiffeisenbank Austria (RBA)

A complete list of Croatian ASPSPs is available here (opens new window).

# Payment Specifics

Since 1 January 2023 Croatia's local currency is EUR, thus SEPA Credit Transfer (SCT) is supported by all Croatian banks via their open‑banking APIs. National instant payment system EuroNCSInst is used by all Croatian banks. The system enables it participants a full reachability and interoperability with TIPS.

# Specifics per ASPSP

# Zagrebačka banka

SCA for both account information and payment initiation services is performed with the m‑zaba mobile banking app. From 15 Feb 2024 the bank retired physical tokens; mToken inside m‑zaba is now the only authentication method. On the mobile devices there is an option to authenticate using the m-zaba app without the need to enter credentials. If the m-zaba app is not installed on the device from which authentication is performend, users need to enter the serial number of the token and generated OTP.

# Privredna banka Zagreb

For SCA in the PSD2 channel private customers of Privredna banka Zagreb (PBZ) can use #withKEY functionality of the PBZ mobile app, the PBZ mToken mobile app, or the EMV CAP/DPA hardware token. Business customers can also use Fina digital certificates. Users are required to input their credentials when authenticating in the PSD2 channel.

# Erste Bank

Users of the bank's Open Banking interface are redirect to the web page requiring input of credentials for either a hardware authentication token or mToken available in the Erste mBanking app. George Hrvatska mobile app does not yet provide the mToken functionality and the app switch is not supported for open banking auth.

# OTP banka

Integration towards this bank is not yet supported by Enable Banking. If you are interested in integrating with this bank's Open Banking interface, please contact our tech support.

# Raiffeisenbank Austria

Raiffeisenbank Austria (RBA) users are required to input their personal identification number (osobni identifikacijski broj, OIB). SCA is handled through the mojaRBA mobile app.