Open Banking Specifics in Iceland
# Authentication flows and SCA
Icelandic banks rely almost exclusively on redirect authentication flows. The primary authentication mechanisms used by banks are the national electronic identity (opens new window) schemes: SIM-based electronic ID (Rafræn skilríki á farsíma (opens new window)) and the Auðkenni app. In the first scheme users enter their phone number and approve authentication using PIN-code recognised by the SIM-card in their phone. In the second scheme users enter their kennitala (national ID) and then approve the SCA request in the Auðkenni app on their smartphone. Other SCA methods vary from bank to bank.
# Major Banks (ASPSPs)
The most widely used Icelandic ASPSPs, in order of significance, are:
A full list of Icelandic banks (as per EBA) is available here (opens new window).
# Regulatory Specifics
PSD2 was transposed into Icelandic law and became fully effective on 1 May 2022, imposing the same open banking obligations on Icelandic banks as in the EU.
# Payment Specifics
# Domestic payments
Domestic credit transfers settle in Icelandic króna (ISK). The Central Bank’s instant‑payment layer, MBK‑Inst, is available 24 / 7 / 365 for payments below 10 million ISK; larger payments clear in the RTGS component MBK‑RTGS.
# SEPA payments
Iceland belongs to the SEPA area, and Icelandic banks expose SEPA Credit Transfer (SCT) functionality in EUR via their PSD2 APIs. Instant SEPA Credit Transfer (SCT Inst) is generally not available via current Icelandic APIs. Some banks require customers to enable foreign payments before a TPP can initiate SEPA Credit Transfers.
# Specifics per ASPSP
# Arion Bank
Arion Bank uses a redirect authentication flow. When initiating authorisation of access to account information or a payment TPPs must provide end-user's ID. Up on redirect to the bank's authentication web page users have to choose between Auðkenni app, phone login and card login.
# indó
indó, Iceland's fully digital challenger bank, does not provide PSD2-compliant open banking API.
# Íslandsbanki
Íslandsbanki exposes open banking API, which used redirect authentication flow. After redirect to the bank's open baking authentication web page, users have to choose between SIM-based electronic ID (the default option requiring input of the user's phone numbers) and Auðkenni app.
# Kvika Bank
Kvika's open banking interface provides redirect authentication flow. After redirect to the bank's open baking authentication web page, users have to choose between SIM-based electronic ID (the default option requiring input of the user's phone numbers) and Auðkenni app.
# Landsbankinn
In its open banking interface Landsbankinn uses redirect authentication flow and supports automatic app switch then Landsbankinn app is install on the device where authentication has been started.
# Account Type Restrictions
Landsbankinn offers a savings account product called Sparireikningur which has specific restrictions that affect its classification under PSD2. Each payment made to a Sparireikningur account is blocked for use for 12 months from the date the payment was made. During this 12-month period, the account does not function as a payment account. After the 12-month period expires for a given payment, the payment service user can use those funds for withdrawals, including transfers to third parties.
Due to these restrictions, Landsbankinn consulted with the Central Bank of Iceland (the FSA in Iceland) regarding the classification of Sparireikningur accounts. The FSA confirmed Landsbankinn's view that an account with such restrictions cannot be defined as a payment account under PSD2. Therefore, Sparireikningur accounts are not considered payment accounts and are not accessible via Landsbankinn's open banking API.
# Sandbox Availability
Landsbankinn provides a sandbox environment suitable for end-to-end testing including authorisation flows, account information retrieval, and initiation of payments.
It is available through the Enable Banking API's sandbox environment. Please refer to the Sandbox Credentials section for the credentials to be used for authentication in the Landsbankinn sandbox.