Open Banking Specifics in Iceland

# Authentication flows and SCA

Icelandic banks rely almost exclusively on redirect authentication flows. The primary authentication mechanisms used by banks are the national electronic identity (opens new window) schemes: SIM-based electronic ID (Rafræn skilríki á farsíma (opens new window)) and the Auðkenni app. In the first scheme users enter their phone number and approve authentication using PIN-code recognised by the SIM-card in their phone. In the second scheme users enter their kennitala (national ID) and then approve the SCA request in the Auðkenni app on their smartphone. Other SCA methods vary from bank to bank.

# Major Banks (ASPSPs)

The most widely used Icelandic ASPSPs are:

• Arion Bank
• Islandsbanki
• Landsbankinn
• Kvika Bank
• indó

A full list of Icelandic banks (as per EBA) is available here (opens new window).

# Regulatory Specifics

PSD2 was transposed into Icelandic law and became fully effective on 1 May 2022, imposing the same open banking obligations on Icelandic banks as in the EU.

# Payment Specifics

# Domestic payments

Domestic credit transfers settle in Icelandic króna (ISK). The Central Bank’s instant‑payment layer, MBK‑Inst, is available 24 / 7 / 365 for payments below 10 million ISK; larger payments clear in the RTGS component MBK‑RTGS.

# SEPA payments

Iceland belongs to the SEPA area, and Icelandic banks expose SEPA Credit Transfer (SCT) functionality in EUR via their PSD2 APIs. Instant SEPA Credit Transfer (SCT Inst) is generally not available via current Icelandic APIs. Some banks require customers to enable foreign payments before a TPP can initiate SEPA Credit Transfers.

# Specifics per ASPSP

# Arion Bank

Arion Bank uses a redirect authentication flow. When initiating authorisation of access to account information or a payment TPPs must provide end-user's ID. Up on redirect to the bank's authentication web page users have to choose between Auðkenni app, phone login and card login.

# indó

indó, Iceland's fully digital challenger bank, does not provide PSD2-compliant open banking API.

# Íslandsbanki

Íslandsbanki exposes open banking API, which used redirect authentication flow. After redirect to the bank's open baking authentication web page, users have to choose between SIM-based electronic ID (the default option requiring input of the user's phone numbers) and Auðkenni app.

# Kvika Bank

Kvika's open banking interface provides redirect authentication flow. After redirect to the bank's open baking authentication web page, users have to choose between SIM-based electronic ID (the default option requiring input of the user's phone numbers) and Auðkenni app.

# Landsbankinn

In its open banking interface Landsbankinn uses redirect authentication flow and supports automatic app switch then Landsbankinn app is install on the device where authentication has been started.