Country specific Account rules
Sweden
Country specific information about our Account Information API and its implementation rules.
Individual customers
SCA Methods
The strong customer authentication (SCA) methods and security solutions applicable for Swedish Individual customers are:
- Redirect: Card reader and log-on card, with / without cable
- Decoupled: Mobile BankID
Payment Accounts
We will deliver PSD2 Payment Accounts for Individual customers.
KYC (Know Your Customer)
In order to receive customer's accounts, the customer must have a valid KYC (Know Your Customer) at Handelsbanken. If there isn't a valid KYC, you (as the TPP) will receive a 403 error code when trying to retrieve account information. Please refer the customer to the Bank / their online banking where they will find instructions.
Allkortskonto (Card Account product)
Allkort MasterCard is a combined charge/credit card which has its own account, which is called the Allkort account (Allkortskonto). The customer can deposit money into the account and there is a credit facility linked to the account. The available amount is the sum of the credit facility and the balance on the account, minus any purchases made on the card that have not yet been invoiced or have been invoiced, but not debited.
The Allkort account can be used without the Allkort MasterCard, for example, to transfer money to another account, which will immediately affect the balance of the account.
Note that with this API you will only receive the transactions on the Allkort Account and not the card transactions. If you want to retrieve the card-based transactions, please use the Card Accounts API.
Mobile BankID
Please note that if the SCA method ”Mobile BankID” is selected, and the Mobile BankID wasn't issued by Handelsbanken (i.e. another bank issued it), it needs to be activated before it can be used. This is achieved by the end user (PSU) logging into the Handelsbanken online services (for the first time).
Attributes for the Accounts API
In the below document you'll find which attributes are applicable for Swedish customers, as well as other rules for Accounts (e.g. the maximum number of transactions).
Accounts API - SE attributes document
Corporate customers
SCA Methods
The strong customer authentication (SCA) methods and security solutions applicable for Swedish Corporate customers are:
- Redirect: Card reader and log-on card, with / without cable
- Decoupled: Mobile BankID
Payment Accounts
We will deliver PSD2 Payment Accounts for Corporate customers.
KYC (Know Your Customer)
In order to receive customer's accounts, the customer must have a valid KYC (Know Your Customer) at Handelsbanken. If there isn't a valid KYC, you (as the TPP) will receive a 403 error code when trying to retrieve account information. Please refer the customer to the Bank / their online banking where they will find instructions.
PSU-Corporate-ID
For Corporate banking customers, when sending in a request using our Consent API, you need to add a "PSU-Corporate-ID" into the header. For Swedish Corporates, this is their Organisation number or SHB number, and for Sole Traders (Enskild firma), it is their Personal number, all of which are 10 digits.
Corporate mandate
For the end user / agent (PSU) to be able to access the Corporate customer's account information or make payments, they need to have the appropriate permissions as per the Corporate mandate, as well as the "Additional service API Corporate". An end user's permissions can be updated by the Corporate customer's administrator in the Handelsbanken online services by going to “Administration” and then “Mandates”, or by contacting their local branch.
For an end user / agent (PSU) to be able to access a Sub-account (underkonto), a mandate from the owner of the Main-account (huvudkonto) is needed.
Mobile BankID
If the SCA method ”Mobile BankID” is selected, and the Mobile BankID wasn't issued by Handelsbanken (i.e. another bank issued it), it needs to be activated before it can be used. This is achieved by the end user (PSU) logging into the Handelsbanken online services (for the first time).
An end user must also have the appropriate permission "Additional service Log in with Mobile BankID" if they wish to log in using Mobile BankID. This can be updated by the Corporate customer's administrator in the Handelsbanken online services by going to “Administration” and then “Mandates”, or by contacting their local branch.
Attributes for the Accounts API
In the below document you'll find which attributes are applicable for Swedish customers, as well as other rules for Accounts (e.g. the maximum number of transactions).
Accounts API - SE attributes document