
Open Banking Individuals
The Payment Services Directive (PSD2)
The Payment Services Directive (PSD2) (transposed into Romanian legislation through Law 209/2019 on payment services and for the amendment of certain legislative acts)
The legislative provisions regarding payment security and fraud risk reduction for electronic transactions (conducted online) are constantly evolving to ensure you benefit from a safer banking experience and enhanced protection when making payments with your card or account at Exim Banca Românească.
Online payments must be authorized using at least two authentication factors from the following categories:
- Knowledge-based (e.g., passwords)
- Possession-based (e.g., tokens, phone, etc.)
- Identity/biometric-based (e.g., fingerprint)
Operations performed with a card (all cards in the Exim Banca Românească portfolio)
1.1 e-commerce transactions (online payments): if you own a smartphone, payment authorization can be done through the EximPay application installed on your phone:
- Using biometric authentication available on your phone* (fingerprint, facial recognition, voice, etc.), or
- Using your phone’s unlock code.
The EximPay application can be downloaded for free from Google Play or the App Store by any Exim Banca Românească cardholder.
If you choose not to authorize the online transaction using one of the two methods mentioned above, payment authorization will proceed as before, using the 3D Secure code received on the phone number registered in the bank’s system.
You can enrol your Exim Banca Românească cards in the EximPay app by entering your phone number registered with the bank and the last 6 digits of your card.
What can you do with the EximPay application?
- Authorize online payments made with any Exim Banca Românească card using the biometric authentication available on your phone.
- View the transaction history of online payments made with Exim Banca Românească cards, along with details about these transactions, starting from the moment of enrolment.
- View the Exim Banca Românească cards enrolled in the application.
1.2 POS transactions: For every five consecutive contactless payments, the Bank will require you to enter your PIN for the next transaction.
Operations performed via e-ximBanking
To access your financial information (account balance, account statements, loan and term deposit details, transaction details) or to perform online transactions, you must authenticate using at least two factors.
New services
In addition to the existing products and services mentioned above, you will benefit from a new channel for existing payment services. This means you will be able to access your payment accounts available in e-ximBanking through Third-Party Payment Service Providers (Third PSPs). These providers, based on your consent, will be able to offer the following services:
- payment initiation – you will be able to make payments directly from your Exim Banca Românească account accessible online through the application provided by the Third PSP, using the same security elements as for e-ximBanking;
- account information – you will be able to view the balance and transactions in your Exim Banca Românească account accessible online through the application provided by the Third PSP, using the same security elements as for e-ximBanking. The consent granted is valid for 90 days, during which the Third PSP can request information about the accounts you have indicated without requiring you to reauthorize access to your data within this period;
- confirmation of fund availability – Exim Banca Românească will confirm, at the request of a Third PSP that issues card-based payment instruments, whether the amount required to execute a card-based payment transaction is available in your payment account accessible online. This agreement remains valid until it is revoked.
Good to know
For the security of your accounts, before accessing the services provided by a Third PSP, it is advisable to ensure that they are authorized/registered.
You can verify this here, in the “Register of Payment Institutions Authorized by the National Bank of Romania (NBR)”, or here, in the section “Institutions from Other EU Member States”, where the competent authorities have notified the NBR regarding the provision of services directly on Romanian territory.
It is your choice whether to benefit from the three services mentioned above and grant access to a Third PSP to your online-accessible accounts through e-ximBanking.
Frequently asked questions (FAQs)
What operations will be affected by the new regulations?
- All online transactions are affected, including Internet & Mobile Banking payments, online payments with cards, and payments made with cards at POS terminals, among others.
What is Strong Customer Authentication (SCA)?
- Strong Customer Authentication (SCA) involves using at least two of the three existing types of identity authentication elements for verifying payments [either knowledge-based, possession-based, or identity-based].
What does the online payment process with a card look like starting September 14, 2019?
- After entering your card details and clicking the payment button, there can be three possible scenarios:
  - Single-click payment: Based on your payment profile and history, the Bank or merchant may decide you can make payments with a single click, without additional authentication.
  - Authentication via EximPay: After placing the order, transaction details will appear in EximPay, where they will be authorized using your fingerprint or other biometric data available on your phone.
  - Authorization via 3D Secure password received via SMS**: If you do not have the EximPay app installed, you will receive a unique password via SMS from the bank, which you must enter on the merchant’s payment page.
What should you know about Third PSPs?
- Third PSPs are authorized, in line with the PSD2 Directive, by the National Bank of Romania (NBR) and the competent authorities in the countries where they are registered.
- The Third PSP must identify itself to Exim Banca Românească and operate in accordance with legal provisions.
- In the case of unauthorized or incorrectly executed payment transactions initiated through a Third PSP, it is the responsibility of the Third PSP to prove that the payment was authenticated, recorded correctly, and was not affected by any technical defects or deficiencies related to the payment services they are responsible for.
- Exim Banca Românească will process payment instructions sent via a Third PSP under the same conditions as instructions sent directly by the Exim Banca Românească customer.
- If you are an Exim Banca Românească customer and wish to benefit from the services provided by any Third PSP, consent for executing a payment instruction to Exim Banca Românească is given through the Third PSP.
Your rights when making payments in Europe
EU rules mean that your electronic payments become cheaper, easier to perform, and more secure. Here’s how this works:
- You can make payments throughout Europe (EU, Iceland, Norway, and Liechtenstein) just as easily and securely as you do in your home country.
- You no longer need to pay additional costs to a merchant when using a card issued in the EU.
- The rules cover all types of electronic payments (e.g., credit transfers, direct debits, card payments).
- Everyone legally residing in Europe has the right to have a bank account to make electronic payments (“payment account”).