Swish payments
Cardflo enables Swish payments, Sweden's dominant mobile payment system, allowing merchants to accept instant transactions directly from customer bank accounts.
This integration offers access to a highly engaged Swedish user base, providing a rapid and secure payment option that enhances conversion and streamlines the checkout process.
- Category
- Methods
- Capabilities
- 10
- Available on
- All plans
The overview
Swish is a mobile payment system in Sweden that facilitates real-time transfers between bank accounts through a centralised infrastructure. It operates on the BiR (Betalningar i Realtid) platform, connecting major Swedish financial institutions to ensure immediate finality of payment.
For merchants, Swish serves as an alternative payment method that bypasses traditional card scheme rails, potentially reducing the incidence of chargebacks and interchange-related costs.
The system relies on the customer's mobile phone number joined to their BankID, providing a secure authentication layer that meets Strong Customer Authentication requirements under PSD2.
As a push-payment mechanism, the user must actively authorise each transaction within their banking app, which creates a robust trail of consent.
In the e-commerce context, this usually involves a redirect or an app-switch on mobile devices, ensuring a high level of security for both the merchant and the consumer while maintaining rapid throughput.
Integrating Swish is often considered essential for any entity targeting the Swedish market due to its high penetration rate.
How it works
Customer selection at checkout
The user selects Swish as their preferred payment method on the merchant's checkout page.
They enter their Swedish mobile phone number or, when browsing on a mobile device, the system prompts them to open the Swish application directly through a deep link, initiating the authorisation phase of the transaction.
BankID authentication and approval
The Swish app automatically opens and displays the payment details, including the merchant name and total amount. The consumer must then authorise the transfer using Mobile BankID, which serves as the primary security mechanism.
This step ensures that the person initiating the payment is the legitimate account holder.
Real-time fund transfer
Once authorised, the funds are debited from the customer's bank account and transferred to the merchant's account via the Swedish clearing system.
This process occurs in seconds, providing a level of immediacy that traditional credit card processing, which relies on multi-day settlement cycles, cannot typically match.
Instant transaction confirmation
The merchant's gateway receives an immediate notification from the Swish API confirming the success or failure of the payment.
This allows the merchant to update the order status, release digital goods, or begin the fulfilment process without waiting for several days for the funds to clear.
Why it matters
Market penetration in Sweden
With a significant majority of the Swedish population using Swish for person-to-person and person-to-merchant payments, omitting this method can lead to high basket abandonment. Swish has become a default expectation for Swedish consumers, often preferred over entering card details.
Merchants supporting this method demonstrate an understanding of local payment preferences, which can lead to higher checkout completion rates and improved customer retention.
Reduced dispute and chargeback risk
Unlike card payments, which allow for chargebacks several months after a transaction, Swish payments are credit transfers initiated by the payer. This push-payment model makes it much harder for consumers to dispute a transaction without valid cause.
The use of BankID for every transaction provides a high level of non-repudiation, significantly lowering the risk of friendly fraud and reducing the administrative burden of managing disputes.
Use cases
E-commerce retail
Online retailers selling to Swedish consumers use Swish to offer a familiar, fast checkout experience that avoids the friction of manual card entry, especially on mobile devices where app-switching is common.
Subscription and recurring payments
Businesses specialising in digital subscriptions utilise Swish for initial payments or top-ups, benefiting from the immediate confirmation and the verified identity of the user via the BankID authentication process.
In-person service providers
Brick and mortar businesses or mobile service providers use QR codes to trigger Swish payments, allowing for cashless transactions without the need for an expensive physical point-of-sale terminal or card reader.
By the numbers
This represents the typical percentage of the Swedish population that frequently uses the app, according to various regional digital payment reports.
Industry standard for the technical processing of the payment once the user has authorised the transaction in their bank app.
The estimated proportion of Swish transactions initiated on mobile devices, reflecting its origin as a mobile-first payment utility.
Related terms
Talk to our team about a live rollout on your acquiring stack.
What you get with Swish payments
- Direct integration with the Swedish mobile payment ecosystem using bank-grade security protocols.
- Real-time payment settlements that provide immediate liquidity for the merchant's business operations.
- High adoption rates among Swedish consumers, reducing friction during the checkout process.
- Strong Customer Authentication compliance built-in via the mandatory use of Mobile BankID.
- Lower risk of fraudulent chargebacks due to the push-payment nature of the transaction.
- Simplified mobile checkout through seamless app-switching and deep-link integration on smartphones.
- Detailed reporting and transaction monitoring provided through standard merchant gateway interfaces.
- Elimination of manual entry errors for card numbers, expiry dates, and CVV codes.
- Support for both one-time purchases and structured payment flows in digital environments.
- Reliable uptime and high success rates supported by major Swedish banking institutions.
A short scoping call, then a written plan for your MIDs.
Questions about Swish payments
How does Swish handle refunds and is there a time limit for processing them?
Refunds for Swish transactions are typically processed via the same API used for the initial payment. A merchant can issue a full or partial refund back to the customer's original bank account.
While the technical ability to refund remains active, merchants should adhere to their own terms and conditions. The refund is usually as instantaneous as the original payment, ensuring the customer receives their funds immediately once the merchant authorises the return through their payment service provider.
Does a merchant need a Swedish bank account to accept Swish payments?
Generally, to participate in the Swish for Merchants scheme directly, a Swedish corporate bank account and a Swedish organisation number are required. However, many foreign merchants use a Payment Service Provider (PSP) that has the necessary local infrastructure to process these payments.
In such cases, the PSP collects the funds in Sweden and settles them to the merchant's international account, often involving a currency conversion from SEK to the merchant's functional currency.
What are the transaction limits associated with Swish payments for consumers?
Customer-side limits for Swish are set by their individual bank and can vary based on their account type or specific settings. Users often have a daily limit for standard transactions, though they can often temporarily increase this limit through their banking app for larger purchases.
Merchants should be aware that very high-value transactions might be declined if they exceed the user's current limit, necessitating a fallback payment method such as a bank transfer or credit card.
Is Swish compliant with PSD2 and Strong Customer Authentication (SCA) requirements?
Yes, Swish is inherently compliant with PSD2 and SCA regulations. The payment process requires the user to authenticate using Mobile BankID, which qualifies as a multi-factor authentication method.
This satisfies the requirement for something the user knows or is, combined with something the user has (the registered mobile device). Because this authentication is part of every transaction, merchants do not need to implement additional 3D Secure layers for Swish payments.
How does Swish compare to card payments in terms of merchant fees?
Swish transactions typically involve a per-transaction fee rather than the complex interchange and scheme fee structure associated with Visa or Mastercard.
While costs vary by bank and PSP, they are often competitive, particularly for medium-to-high ticket items where a flat fee or a small percentage may be more cost-effective than the cumulative costs of interchange-plus pricing models used by traditional card acquirers.
What happens if a customer's bank is offline during a Swish transaction attempt?
Since Swish relies on a network of participating banks, the availability of the service depends on both the central Swish system and the individual banks involved. If the consumer's bank is experiencing downtime, the transaction will fail.
In such instances, the gateway should provide a clear decline reason, allowing the merchant to suggest an alternative payment method. However, the system is designed for high availability and systemic downtime is relatively rare.
Related features.
Ready for velocity?
Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.
