PSD2 (Payment Service Directive)

What is PSD2?

The PSD2 (Payment Service Directive) directive of the European Union has made it possible for you as the owner of your bank data to manage and use it for any purpose. In our case, PSD2 is used so that FIRA can show you the transactions and balance of your account and, for example, automatically reconcile payments with issued invoices.

PSD2 integrator

Our business partner Identity Consortium d.o.o. (Identyum) is, according to the PSD2 directive, the first licensed provider of account information services, i.e. AISP (Account Information Service Provider) in the region. The approval was given by the Croatian National Bank.

Identyum is ISO 27001 and 27701 certified for information security management system and for information privacy management (GDPR).

Croatian banks

The FIRA application successfully integrates all major Croatian banks.

According to EU regulation (PSD2), banks provide access to clients' accounts via API (application programming interface). FIRA, in cooperation with its partner Identity Consortium d.o.o., has developed functionality that enables clients to access accounts via API. By clicking on the logo of the banks, you can go to the websites of the banks that provide more information about the PSD2 regulation / open banking.

Servers and network

FIRA is a cloud application, built on secure cloud solutions and infrastructure provided by Microsoft Azure which is located in the European Union.

The development of FIRA utilizes 24-hour monitoring, extensive logging services, and a gradual software implementation process to ensure the stable operation of FIRA services. We have emergency procedures in place to deal with service disruptions and any external attacks.

Data protection

FIRA encrypts your sensitive data using industry-leading methods and recognized security standards (256-bit SSL certificates), ensuring that all data transmitted between your computer and our servers, or individual services on our servers, remains encrypted at all times.

The FIRA cloud infrastructure runs on servers located in the European Union and is therefore subject to the strict privacy regulations set out in the European Commission Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Passwords and application security

FIRA never stores passwords in plain text format in its databases. Instead, it utilizes mathematical algorithms for data management to ensure that your password is securely encrypted and sufficiently complex to resist hacking, even with hardware advancements.

Security of credit card payments

The confidentiality of your data is protected and ensured by the use of SSL encryption. Online payment pages are secured using the Secure Socket Layer (SSL) protocol with 128-bit data encryption.

SSL encryption is the process of encrypting data to prevent unauthorized access during its transmission. This enables safe transfer of information and prevents unauthorized access to data during communication between the user's computer and the WebPay service, and vice versa. The WebPay service and financial institutions exchange data using a virtual private network (VPN), which is protected against unauthorized access.

Monri Payment Gateway is certified according to PCI DSS Level 1 security standard prescribed by Visa and Mastercard rules. FIRA Solutions d.o.o. does not store credit card numbers and numbers are not accessible to unauthorized persons.