Country specific Account rules
Great Britain
Here you will find country specific information about our Account Information API and its implementation rules.
Individual customers
SCA Methods
The strong customer authentication (SCA) methods and security solutions applicable for British Individual customers are:
- Redirect: Card reader and log-on card, with / without cable
Payment Accounts
We will deliver PSD2 Payment Accounts for Individual customers.
Accounts API Attributes
In the below document you'll find which attributes are applicable for British customers, as well as other rules for Accounts (e.g. the maximum number of transactions).
Corporate customers
SCA Methods
The strong customer authentication (SCA) methods and security solutions applicable for British Corporate customers are:
- Redirect: Card reader and log-on card, with / without cable
Consent flow
To make the Consent flow easier for accessing GB Corporate accounts, we have removed the requirement for TPPs to enter a customer number in the PSU-Corporate-ID field (in the header). Instead, TPPs who want to access GB Corporate accounts should input the value UNKNOWN into the PSU-Corporate-ID field. As a result of the TPP entering UNKNOWN, after the customer has authenticated themselves in the SCA flow, they will be presented with a list where they can either select Individual (if they have access to Individual accounts) or the name of the Corporate(s) that they have access to. The customer can only make one selection per Consent.
It's important to note that if PSU-Corporate-ID is left blank, we will assume it is an Individual customer and if they aren't (because they only have access to Corporate accounts), then the signing will return an error.
Payment Accounts
We will deliver PSD2 Payment Accounts for Corporate customers.
Permission to view accounts
For the end user / agent (PSU) to be able to access the Corporate customer's account information, they need to have the appropriate permissions as per the Corporate mandate.
An end user's permissions can be updated by the Corporate customer's administrator in the Handelsbanken Online Banking services (e.g. under "Profile", then "Permission administration"). They then need to select "Permission by person" and select the name of the user. For our Account Information API, the user needs to have the "View account information" permission.
Providing the user has the correct permission, they will be able to view the account in the Handelsbanken Online Banking services, as well as the Third Party Provider's services. If a PSU is unsure about their permissions, they need to contact their local branch.
Accounts API Attributes
In the below document you'll find which attributes are applicable for British customers, as well as other rules for Accounts (e.g. the maximum number of transactions).