# Trusted IBANs

The **Trusted IBANs** feature allows customers to create a "whitelist" of trusted beneficiaries for their account.

Once an IBAN is added to this list, future SEPA Credit Transfers to that beneficiary **do not require Strong Customer Authentication (SCA)**. This allows for a frictionless payment experience for known and verified recipients.

## Key characteristics

* **High Security Setup:** Adding or removing a Trusted IBAN is a sensitive action and **always requires SCA**.
* **Frictionless Payments:** Subsequent transfers to these IBANs skip the SCA challenge.
* **Standing Orders:**
  * **Creation:** You can create Standing/Timed orders to Trusted IBANs *without* SCA.
  * **Modification:** Updating or deleting an existing order *still requires* SCA, even if the beneficiary is trusted.


**SCA Requirement:** The endpoints to **Add** and **Remove** Trusted IBANs trigger a **Change Request**. The action is not complete until the customer authorizes it via their 2FA method (e.g., SMS OTP or **Device Signing**).

## Integration steps

### 1. Add a Trusted IBAN

Call this endpoint to initiate the request. You must specify the `person_id` of the authorized user who will perform the SCA challenge.

**Request:**


```shell
POST /v1/accounts/{account_id}/trusted_ibans
```


```json
{
  "iban": "DE12345678901234567890",
  "person_id": "123456789"
}
```

`person_id` is required: it identifies the user authorizing this action.

**Response (Change Request):**
The API returns `202 Accepted` with a change request object. You must now guide the user to authorize this request.


```json
{
  "id": "change_request_id_123",
  "status": "AUTHORIZATION_REQUIRED",
  "updated_at": "2023-10-27T10:00:00Z",
  "url": ":env/v1/change_requests/:id/authorize"
}
```

* **Next Step:** Handle the **[Change Request Process](/guides/authentication/strong-customer-authentication#the-change-request-process)** to finalize the addition.


### 2. List Trusted IBANs

Retrieve the current whitelist for the account.


```shell
GET /v1/accounts/{account_id}/trusted_ibans
```

**Response:**


```json
[
  {
    "id": "trusted_iban_id_999",
    "iban": "DE12345678901234567890",
    "approved_by": "123456789"
  }
]
```

### 3. Remove a Trusted IBAN

Removing a beneficiary is also a sensitive action requiring SCA.

**Request:**


```shell
DELETE /v1/accounts/{account_id}/trusted_ibans/{trusted_iban_id}?person_id={person_id}
```

**Query Parameter:** You must provide the `person_id` of the user initiating the deletion as a **query parameter**.

**Response:**
Returns a `202 Accepted` status with a **Change Request** object (similar to step 1), which must be authorized to complete the deletion.

## Webhooks

You can use the following webhook to be notified when a trusted IBAN is confirmed. The webhook includes information about the trusted IBAN and the person who approved the action.

* [`TRUSTED_IBAN_CONFIRMED`](/api-reference/onboarding/webhooks/webhook-events/paths/trusted_iban_confirmed/post) - Triggered when the SCA process is successfully completed.
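
Every entry on the list is a standing SCA exemption, so it is worth reconciling the List response against your own records of who may approve and which confirmations you received. The following is an added example, not part of the original page or the provider's code; the authorized-person set, the stored confirmation map and all sample entries beyond the page's first one are constructed assumptions.

```python
import json

# Constructed sample: body of GET /v1/accounts/{account_id}/trusted_ibans,
# with the field names from the List response (IDs and IBANs are made up).
LISTED = json.loads("""[
  {"id": "trusted_iban_id_999", "iban": "DE12345678901234567890", "approved_by": "123456789"},
  {"id": "trusted_iban_id_1000", "iban": "DE00000000000000000001", "approved_by": "555000111"},
  {"id": "trusted_iban_id_1001", "iban": "DE00000000000000000002", "approved_by": "123456789"},
  {"id": "trusted_iban_id_1002", "iban": "DE00000000000000000003", "approved_by": "123456789"}
]""")

# Assumption: person_ids your own records allow to approve for this account.
AUTHORIZED_PERSONS = {"123456789", "987654321"}

# Assumption: entry id -> approver, stored by you on each TRUSTED_IBAN_CONFIRMED
# webhook. How the payload names these fields is not shown on this page.
CONFIRMED = {
    "trusted_iban_id_999": "123456789",
    "trusted_iban_id_1000": "555000111",
    "trusted_iban_id_1002": "987654321",
}


def audit_trusted_ibans(listed, authorized_persons, confirmed):
    """Return (entry_id, finding) tuples for list entries that need review."""
    findings = []
    for entry in listed:
        entry_id, approver = entry["id"], entry["approved_by"]
        # The approver on the list must be someone you expect to hold that right.
        if approver not in authorized_persons:
            findings.append((entry_id, "approver not authorized"))
        # Every live entry should trace back to a confirmation you received.
        if entry_id not in confirmed:
            findings.append((entry_id, "no confirmation record"))
        elif confirmed[entry_id] != approver:
            findings.append((entry_id, "approver differs from confirmation"))
    return findings


if __name__ == "__main__":
    for entry_id, finding in audit_trusted_ibans(LISTED, AUTHORIZED_PERSONS, CONFIRMED):
        print(entry_id, "->", finding)
```

Run it on a schedule per account and route any finding to review, since a transfer to a listed IBAN will not prompt the customer again.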

