Third-Party Payment Services
General information
In accordance with the provisions of the Revised Payment Services Directive (EU) 2015/2366 (PSD2) and the related Regulatory Technical Standards (RTS), Eurobank Private Bank Luxembourg S.A. (the “Bank”) provides authorised Third Party Providers (“TPPs”) with access to payment accounts held by its clients, subject to the explicit consent of the Payment Service User (“PSU”).
Access is granted on a non-discriminatory basis and under conditions equivalent to those applied to the Bank’s own services, in compliance with Article 32 of the RTS.
Dedicated interface
The Bank has implemented a dedicated interface (API) for the purpose of Access to Account services (XS2A), using the Salt Edge API solution.
The technical documentation and specifications applicable to TPPs are available via the Saltedge's TPP developer portal
Testing and production environment
Sandbox (Testing Environment)
TPPs may access the Bank’s Sandbox environment in order to test the interface using simulated data.
Production Environment
As of 3 November 2025, authorised TPPs are able to access the Bank’s dedicated production interface
API standard
The Bank’s dedicated interface is implemented in accordance with the Berlin Group “NextGenPSD2” standards.
Further information is available at:
https://www.berlin-group.org/psd2-access-to-bank-accounts
Authentication procedure
The Bank applies the redirection approach for Strong Customer Authentication (SCA).
Under this model:
- the PSU is redirected from the TPP interface to the Bank’s secure authentication environment;
- authentication is performed directly between the PSU and the Bank;
- no personalised security credentials or authentication elements are shared with the TPP.
Upon successful authentication, the PSU is redirected back to the TPP interface.
This approach complies with Articles 10 and 30 of the RTS.
Services available via the Dedicated interface
The following services are offered via the Bank’s API:
Account Information Services (AIS)
Access for Account Information Service Providers (AISPs) to:
- the list of payment accounts accessible online;
- account balances;
- account details;
- transaction history;
Payment Initiation Services (PIS)
Access for Payment Initiation Service Providers (PISPs) to:
- initiate payment orders;
- modify payment orders where applicable;
obtain information on the status of initiated payments
Consent management
The Bank supports the following consent models:
- Global Consent
- Bank-Offered Detailed Consent
In accordance with Article 10 of the RTS, Strong Customer Authentication for account access is subject to the 180-day exemption, unless an exemption cease condition applies.
Availability and performance monitoring
In line with Articles 32 and 33 of the RTS, the Bank publishes quarterly interface usage statistics on its Corporate Website covering both:
Dedicated API Interface
- date
- uptime rate
- downtime rate
- AISP response time
- PISP response time
- CBPII response time
- error response rate
e-Banking Interface
- date
- uptime rate
- downtime rate
- consultation functions response time
- payment functions response time
- error response rate
Rates are expressed as percentages and response times in milliseconds.
Interface usage statistics publication
The statistics are published per quarter and per interface in the following ZIP file: Interface_Usage_Statistics_20252912 (per quarter and per interface)
Methodology Note:
Statistics are calculated in accordance with the EBA clarifications on the RTS monitoring methodology (reference EBA-2019-4661).
The statistics folder includes:
- data related to the current Salt Edge TPP services (from 3 November 2025 onwards);
- historical data covering the period 2023–2025.
Contact
For further information or technical queries related to PSD2 access, visitors may contact the Bank via the Contact Form available on the Corporate Website.
Protocols used and communication
- Access Network: Internet
- Transport Protocol: HTTP version 1.1, TLS version 1.2 or higher
- Applicative Protocol: REST
- Authorization Protocol: OAuth2 Authorization Code Grant (AISP, CBPII, PISP) or Client credentials Grant (PISP, CBPII) (See :https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/rfc7009)
- Data formats: JSON/UTF8 & XML
- Data model origin: ISO 20022
- Non-repudiation: HTTP Signature (https://datatracker.ietf.org/doc/draft-cavage-http-signatures/)
- Technical Documentation: Swagger 2.0 (https://swagger.io/specification/)
Legal references and background
PSD2
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32015L2366&from=EN
EBA Report on RTS
Directive 2018/389 on RTS on SCA & CSC
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32018R0389&from=EN
Definitions
|
AIS / AISP |
Account Information Service / Account Information Service Provider |
|
API |
Application Programming Interface |
|
Berlin Group Standard |
This Standard has been developed by Berlin Group NextGenPSD2 over a period of 21 months in collaboration with representatives of the market supply-side, i.e. banks, banking associations, payment associations, payment schemes and interbank processors operating in SEPA |
|
CBPII |
Payment Service Provider issuing card-based payment instruments |
|
PIS / PISP |
Payment Initiation Service / Payment Initiation Service Provider |
|
PSP |
Payment Service Provider |
|
PSU |
Payment Service User
|
|
SCA |
Strong Customer Authenticating |
|
TPP |
Third Party Provider – namely, AISPs, PISPs and CBPIIs |
Note: The previous TPP Open Banking Portal (LuxHub) was decommissioned and is no longer available since 3 November 2025.
