Open Banking Specifics in Poland

# Authentication flows and SCA

Polish banks predominantly use redirect-based authorisation flows for Open Banking, following the local PolishAPI standard requirements. During the authentication process, users are redirected to the bank's online banking interface where they log in with their internet banking credentials. Strong Customer Authentication (SCA) is typically performed using mobile banking apps. Automatic app switching is generally not supported by Polish banks.

Unlike banks in most other countries where PSD2 is applicable, most Polish banks make account holder's postal address available through their Open Banking APIs. Payment service users have to approve access to account details including postal addresses during the consent step.

# Major Banks (ASPSPs)

The most widely used Polish ASPSPs, in order of significance, are:

• PKO Bank Polski
• Bank Pekao
• Santander Bank Polska
• mBank
• ING Bank Śląski
• Bank Millennium
• Alior Bank

A complete list of Polish ASPSPs is available here (opens new window).

# Payment Specifics

Polish banks support domestic payments in PLN (Polish Złoty) via their Open Banking APIs through the Elixir payment system. Additionally, as Poland is a member of SEPA, banks also support SEPA Credit Transfers (SCT) in EUR.

Express Elixir is Poland's instant payment system that processes payments in real-time 24/7, with funds credited to the recipient's account within seconds. This system is widely supported by Polish banks for domestic PLN transactions.

# Specifics per ASPSP

# Alior Bank

Alior Bank employs redirect-based flows for Open Banking authentication. The bank utilizes its own mobile applications for SCA purposes. The mobile applications are "Alior Mobile" for personal accounts and "Alior Business Mobile" for business accounts. Automatic app switching is not supported.

# Bank Millennium

Bank Millennium uses redirect-based flows for Open Banking authentication. The bank released an updated version of their mobile application in 2024, which provides a simplified user experience for authentication and transaction approval. Automatic app switching is not supported.

# Bank Pekao

Bank Pekao follows the redirect-based authentication flow, utilizing the PeoPay mobile application for SCA. Automatic app switching is not supported.

# ING Bank Śląski

ING Bank Śląski provides redirect-based authentication with SCA through the Moje ING mobile app. The authentication process involves entering online banking credentials followed and automatic app switching is not supported.

# mBank

In its open banking interface mBank uses redirect-based authentication flows. Users authenticate with their online banking credentials and complete SCA through the mBank mobile app. Automatic app switching is not supported.

# PKO Bank Polski

PKO Bank Polski uses redirect-based authentication flow with Strong Customer Authentication through the IKO mobile app. Automatic app switching is not supported.

# Santander Bank Polska

Santander Bank Polska supports redirect-based authentication flows. Users authenticate using their online banking credentials and perform SCA through the Santander mobile banking app. Automatic app switching is not supported.