Back to the main site
Back to the Standards Library

Czech Standard for Open Banking – COBS

Owned by:

Czech Banking Association

The Czech Banking Association’s Open Banking response to the EU’s PSD2 directive.

Czech Banking Association

Czech Republic

Services defined within the standard:

  • Payment initiation: A service defined as PIS (Payment Initiation Service) by the PSD2 directive.
  • Account information: A service defined as AIS (Account Information Service) by the PSD2 directive.
  • Balance Check: A service defined by the PSD2 directive as information about sufficient funds provided for CISP providers (Card-based payment Instrument Issuer Service Providers).

AIS incorporates access to client payment accounts, account balances, account transactions and standing orders. 

Budget Bakers has a budgeting app for businesses and individuals, combining multiple accounts.

JSON

REST

Active API

v6.0

Standard documentation is freely available, and financial providers must be given authorisation by the Czech National Bank.

Regulated

Mandated

The aim of the Czech Standard for Open Banking is to lay down rules for communication, mainly for services defined by the PSD2: Account Information Service Provider (AISP), Payment Initiation Service Provider (PISP) and Card Issuing Service Provider (PISP).

The standard is voluntary and since systems and their operations differ across all payment service providers, standard participants may deviate from the standard at certain points, within the scope of their specific information systems.

Since each payment service provider is obliged to document its solution according to PSD2, a large number of fields for optional information are defined.

The Czech Standard aims to allow easier integration of TPP into systems which banks are offering, including without any other intermediaries, ensuring a uniform interpretation of the PSD2 in the Czech market.

Banking

Open Banking

  • Payment initiation
  • Account information
  • Balance Check

Credit Cards

Current Accounts

Wallets Or Prepaid

Certificates

DCR

Browser Redirect

Consent is outlined in the standard document and includes the following:

User information scopes must be confirmed by the user on the so-called consent screen during authentication.

For a payment processed in the SEPA Direct Debit scheme, a mandate reference is mandatory in the field, through which the client gave consent to debit the account.

Consent flow has a recommendation for the inclusion of the accounts to be made available on the selection page in the authentication flow of the bank.

When loan offers from other banks are being called with an access token, that loan’s parameters can be personalized according to the end user’s creditworthiness. It is recommended to put clear information on the consent screen that the loan’s personalized parameters will be transferred to the TPP.

OAuth

Other

What COBS defines in the security area:

  • Request authorization
  • APIs for enrollment to COBS
  • API authorization for initiated payments

What COBS does not define in security:

  • User authentication flow
  • Processing of certificates in the ASPSP and TPP systems

Accounts

Balances

Confirmation Of Funds

Standing Orders

Transactions

Bulk Payments

Future Dated Payments

Single Domestic Payments

Single International Payments

Customer Experience Guidelines

Operational Guidelines

Includes some very basic Customer Experience and Operational Guidelines. The latter includes a ‘Planned Outages’ API and some guidance on Sandbox usage.

Developer GitHub is available but appears out of date relative to standard documents.

Examples of API information pertaining to Account Authorisation can be found in the GitHub repository.

On 16 November 2015, the European Banking Authority issued the Revised Payment Service Directive (PSD2). As of 13th January 2018, PSD2 replaced former Directive on Payment Services in the Internal Market. 

The PSD 2 was implemented into the Czech legislation by the brand new No 370/2018 Coll., Act on Payment Systems, which came into force on 13th January 2018.

Czech Banking Association is a voluntary association of banks and building societies operating on the Czech market. Currently, they associate 37 members representing more than 99 % of the Czech banking sector. They have been supporting the development of the Czech banking sector, the entire economy and the financial literacy of Czechs since 1990.

The standard will be changed maximum once a year, suggestions for change may be given by a new mandatory regulation by the bank, a third party through the ČBA or by the working group itself.

The suggestion for change must be approved within a proper amendment procedure 6 months before the due date of the changes in force. This implies that the suggestion for a major change must be submitted no later than 1 year before the planned implementation date.

There are resources outlining protocol for outages and ‘Health Check’.

Error codes are outlined.

The standard is voluntary, and it is up to each bank to consider joining the standard.

With respect to the fact that systems and their operations differ across all payment service providers, standard participants may deviate from the standard at certain points, within the scope of their specific information systems.

Since each payment service provider is obliged to document its solution according to PSD2, a large number of fields for optional information is defined in the Czech Open Banking Standard.

NextGenPSD2

Directive (EU) 2015/2366 (PSD2); No 370/2018 Coll., Act on Payment Systems.

Decree on application to perform activities pursuant to the Payment Systems Act.

Ozone API in partnership with Smart Data Foundry

We use cookies to personalize your experience. By using our website, you agree to the use of cookies as described in our cookie policy.

Accept all