Open Banking Specifics in Romania
# Authentication flows and SCA
Romanian banks predominantly use redirect-based flows for Open Banking authentication, following PSD2 requirements. Users are redirected to their bank's authentication interface where they complete Strong Customer Authentication (SCA) using multiple factors. SCA is typically performed through the banks' mobile banking applications using biometric authentication (fingerprint, face recognition) or security codes generated by the apps.
# Major Banks (ASPSPs)
The most widely used Romanian ASPSPs, in order of market significance, are:
- Banca Comercială Română (BCR)
- Banca Transilvania (BT)
- BRD
- ING
- UniCredit Bank
- Raiffeisen Bank
- OTP Bank
A complete list of Romanian ASPSPs is available here (opens new window).
# Payment Specifics
Romanian banks support SEPA Credit Transfers (SCT) in EUR (Euro) through their Open Banking APIs, as Romania is part of the Single Euro Payments Area. Additionally, banks support domestic payments in RON (Romanian Leu) through the SENT system operated by Transfond.
SEPA Instant Credit Transfers (SCT Inst) and domestic instant payments are supported by most major Romanian banks through the Plăți Instant service, enabling real-time transfers that are processed within 10 seconds and available 24/7/365. The instant payment infrastructure is well-developed in Romania, with broad adoption across the banking sector.
# Specifics per ASPSP
# Banca Comercială Română
Banca Comercială Română (BCR), part of the Erste Group, implements redirect-based flows for Open Banking authentication. The bank uses its BCR Mobile application for Strong Customer Authentication, supporting biometric authentication and security codes. BCR provides comprehensive Open Banking APIs with good performance and reliability.
# Banca Transilvania
Banca Transilvania (BT) uses redirect-based authentication flows with support for automatic app switching to its BT Pay mobile application. The BT Pay app serves as the primary SCA method, supporting biometric authentication (fingerprint, Face ID) and security codes for authorization.
# BRD
BRD, part of Société Générale Group, follows redirect-based authentication flows and utilizes its BRD Mobile application for Strong Customer Authentication. The bank supports instant payments and provides Open Banking APIs that align with Société Générale's European standards. SCA is performed through the mobile app using biometric verification or security codes.
# ING
ING Bank România implements redirect-based flows with automatic app switching to the ING HomeBank mobile application when installed. The bank leverages ING's international expertise in digital banking to provide robust Open Banking services. SCA is performed through the mobile app using biometric authentication.
# UniCredit Bank
UniCredit Bank completed merger of Alpha Bank România in August 2025 and strengthened its position in the Romanian banking sector, the combined bank has about 11% market share in assets.
UniCredit Bank uses redirect-based authentication flows and employs its UniCredit Mobile application for SCA.
# Raiffeisen Bank
Raiffeisen Bank România follows redirect-based authentication flows and uses its mobile banking application for Strong Customer Authentication. The bank supports both biometric authentication and traditional security code methods for SCA completion.
# Sandbox Availability
Raiffeisen Bank provides a sandbox environment suitable for end-to-end testing including authorisation flows, account information retrieval, and initiation of payments.
It is available through the Enable Banking API's sandbox environment. Please refer to the Sandbox Credentials section for the credentials to be used for authentication in the Raiffeisen Bank sandbox.
# OTP Bank
OTP Bank România uses redirect-based authentication flows and employs its mobile banking application for Strong Customer Authentication.