Open Banking Specifics in Hungary
# Authentication flows and SCA
Hungarian banks primarily rely on redirect-based flows for PSD2 authentication. End-users are redirected to the bank's web authentication interface, where they must provide their username (or customer ID) and password or PIN code. The Strong Customer Authentication (SCA) step is typically completed using a bank's mobile app or a hardware token, depending on the bank.
Most banks require users to manually open the mobile app to complete the SCA — automatic app switching is not commonly supported.
# Major Banks (ASPSPs)
The most widely used Hungarian ASPSPs are:
- OTP Bank
- K&H Bank
- Raiffeisen Bank
- MBH Bank (merger of MKB Bank, Takarékbank and Budapest Bank)
A full list of Hungarian banks (as per EBA) is available here (opens new window).
# Regulatory Specifics
To comply with the Hungarian regulation of the MNB regarding the national instant payment system, Azonnali Fizetési Rendszer (AFR), it is required to display the qvik logo next to every transaction executed through AFR.
As Enable Banking does not provide a user interface where the logo can be displayed (we operate solely as an API provider), applications using the Enable Banking API must display the qvik logo in their own user interfaces.
In accordance with the licensing agreement, licensees of the Enable Banking API are required to assist Enable Banking in ensuring compliance with applicable regulations. Enable Banking may audit licensees' applications that use the Enable Banking API. If an application does not meet regulatory requirements, Enable Banking reserves the right to terminate the agreement.
You can download the qvik logo and find additional information on the MNB's website (opens new window) (in Hungarian). More details about qvik are also available at https://mnb.hu/qvik (opens new window) (in Hungarian).
# Payment Specifics
All Hungarian ASPSPs support domestic payments in Hungarian Forint, the local currency, and SEPA Credit Transfers (SCT) in EUR via their Open Banking APIs.
Instant SEPA Credit Transfer (SCT Inst) support is generally not available in Hungarian banks' PSD2 APIs.
Many banks enforce restrictions on international transfers (e.g., requiring prior enablement or whitelisting of foreign IBANs via digital banking channels).
# Specifics per ASPSP
# K&H Bank
K&H uses a redirect authentication flow with SCA primarily via the K&H mobilbank app. In order to initiate authorisation of access to account information, it is required to provide the IBAN of the user authenticating. After redirect to the bank's authentication web page, users are prompted to choose prefered SCA method: mobile-token functionality of the K&H mobilbank app, SMS or ViCA, the authentication app supported by most Hungarian banks.
# MBH Bank
MBH Bank (created by the merger of MKB Bank, Takarékbank and Budapest Bank) still provides three separate open banking APIs, each corresponding to one of the former institutions, with entirely different auth flow.
# OTP Bank
OTP Bank uses a redirect authentication flow for Open Banking. Users are redirected to OTP's authentication page, where they must first choose between private and business accounts. Then, they select the required SCA method: OTP InternetBank/MobileBank (for private users only) and OTPdirekt (available to both private and business users).
# Raiffeisen Bank
Raiffeisen Bank uses a redirect-based authentication flow and requires users to provide their user ID (either an 8-digit Direkt ID or Electra User ID), the IBAN and the currency of the account to which access will be authorised before redirect to the bank's authentication web page. On the bank's authentication web page, users must enter their password followed by SCA.
SEPA payments towards foreign IBANs must be explicitly enabled via the user's digital banking interface before they can be confirmed via the API.