URL scheme for IBAN / BIC details and SWIFT payments

Paypal has a handy way to enable money transfers, <paypal.me/{account}/{amount}>. The .com domain can do the same with more features (non-default currency, description etc.) but less friendly URLs. I wish this was possible for SWIFT payments and your existing domain names which have been linked to an IBAN (and perhaps implied BIC), like so:

  • swift://example.org/123.45 pay Example 123.45 in their default/local currency
  • swift://example.org/123.45EUR … in Euro (ISO 4217)
  • swift://example.org/123.45EUR/2018-10-01 … on 1 October this year in their default/local timezone (ISO 8601 date)
  • swift://example.org/123.45EUR/2018-10-01T12Z … at 12:00:00 UTC (ISO 8601 time)
  • swift://example.org/123.45EUR/R/ … make it a recurring payment (ISO 8601 repeating interval)
  • swift://example.org/123.45EUR/R12/ … ending after 12 payments
  • swift://example.org/123.45EUR/R12/P1M … make it monthly (ISO 8601 time interval)
  • swift://example.org/123.45EUR/R12/2018-10-01 … beginning on 1 October again
  • swift://example.org/123.45EUR/R12/P1M/2018-10-01 … those combined
  • swift://example.org/123.45EUR/R12/P1M/2019-09-30 … ending next year at the end of September

Clicking such a link or discovering it through a QR code etc. would open up the userʼs default (and trusted) online banking app or website with the payment details already filled in, just waiting for the credentials.

I know there are other payment APIs, but they seem to be focused on or are even restricted to B2C e-commerce scenarios.

Iʼm not sure how to add notes and other information into the URL: path, query or fragment.

I donʼt care whether the scheme is swift, iban, pay, finance, money or something else.


there’s an ietf draft addressing this need, see https://datatracker.ietf.org/doc/draft-dold-payto/ section 4.



to expand on the aspect of identifiers within paypal.me urls: the European Payment Council proposes a “Schema Proxy Lookup” (SPL) to link arbitrary identifier (mobile phone number, email optionally) to its account number. The discovery is between authenticated and authorized requester and provider. Though DNS itself could do the mapping of a domain to number, as banks still do weak authorization (signature) a public directory is easily abused.

1 Like