Open Banking Specifics in Italy
# General Specifics
Many Italian banks offer PSD2-compliant Open Banking APIs through the platform offered by CBI Globe (opens new window). CBI Globe provides a standardized interface across many Italian banks, but integration quality, feature support, and user experience still vary significantly across institutions. However, signifisant number of banks have adopted their own implementations instead of or in addition to CBI Globe. As a result, Italian banks offer variability in authentication flow design, supported payment products, and data availability through AIS endpoints.
# Authentication flows and SCA
Most Italian banks use redirect-based flows for user authentication. The user is redirected to the bank's authentication page, where login and SCA are completed. Many banks offer support for mobile apps with biometric SCA (e.g., fingerprint or facial recognition), but automatic app-switch is not consistently implemented across institutions.
Other SCA methods, such as OTP via SMS or hardware tokens, are still common, especially for business customers. Most banks require customers to input a fiscal code (codice fiscale) or username/client ID, followed by password or PIN, before triggering SCA.
Many Italian banks enforce one active consent per TPP per user. Initiating a new consent invalidates the previous one, affecting both AIS and PIS services.
# Major Banks (ASPSPs)
The most widely used Italian ASPSPs are:
- Intesa Sanpaolo
- UniCredit
- Banco BPM
- Banca Monte dei Paschi di Siena (Banca MPS)
- BPER Banca
- Crédit Agricole Cariparma
- Poste Italiane (BancoPoste and Postepay)
Full list of banks (as per EBA) is available here (opens new window).
# Payment Specifics
All major Italian banks support SEPA Credit Transfers (SCT) in EUR. Support for Instant SEPA Credit Transfers (SCT Inst) is available for some banks, such as Intesa Sanpaolo and UniCredit, but is not consistently implemented across the sector.
Italian banks typically require the debtor account to be specified explicitly in payment initiation requests.
# Specifics per ASPSP
# Banca Monte dei Paschi di Siena
Banca Monte dei Paschi di Siena (Banca MPS) uses a web-based redirect flow. SCA is performed via OTP, either through SMS or with a hardware token. The MPS MyBank mobile app supports SCA via biometrics, but app switching is not automatic. Users must enter their credentials before proceeding.
# Banco BPM
For Open Banking, Banco BPM uses a redirect authentication flow with SCA performed in the YouApp - Banco BPM mobile app. There is no automatic app switch, and users are instructed to open the app manually to complete authentication.
# BPER Banca
For Open Banking, BPER uses the redirect authentication flow. The bank offers different open banking APIs for current account and card. When using Enable Banking API users have to choose between BPER Banca and BPER Banca Carte brands.
# Crédit Agricole Cariparma
In their Open Banking interface Crédit Agricole Cariparma (Crédit Agricole Italia) implements a redirect-based authentication flow with support for biometric SCA in the NowBanking app. There is no automatic app switch. Authentication starts with user code and "important date" (acting as a PIN) entry.
# Intesa Sanpaolo
Intesa Sanpaolo uses a redirect-based flow for authentication in their open banking interface. SCA is performed using the Intesa Sanpaolo Mobile app. App switch is supported but not automatic, users have to choose between continuing with Intesa Sanpaolo Mobile app or manual input of their credentials.
# Poste Italiane
Poste Italiane (BancoPoste and Postepay) operate its Open Banking APIs through the CBI Globe platform. Before initiating the redirect-based authentication flow users have to choose between BancoPoste and Postepay depending on the financial services they use. SCA for both BancoPoste and Postepay relies on PosteID.
# UniCredit
UniCredit provides a redirect-based authentication flow in their open banking interface. After redirect to the bank's authentication web page users have to enter their member code and PIN. This is followed by SCA using OTP via SMS or mobile push notification in the UniCredit Mobile Banking app.
Automatic app switch is not available. Users must manually open the app when prompted for SCA.