Portmone: utility, transfers — OpenData mapping & authorized payment-rail integration

We translate Portmone’s consumer wallet flows and Portmone.com merchant gateway contracts into governed datasets: utilities, telecom top-ups, card-to-card transfers, Kyiv Smart Card reloads, and PCI-scoped host-to-host notifications.

From $300 · Pay-per-call available

OpenData · OpenFinance · Ukraine NBU Open Banking · Protocol documentation

Expose Portmone payment journals to finance, mobility, and compliance teams—without guessing field meanings

Portmone combines a mass-market Android/iOS wallet with a documented partner stack at docs.portmone.com.ua covering Payment Gateway, Apple Pay / Google Pay modules, and PCI DSS host-to-host JSON for asynchronous status callbacks. That split matters for integration planners: merchants inherit explicit TLS 1.2, client-side encryption, and notification URLs, while households generate rich recurring-payment metadata across gas, water, electricity, heating, internet, television, and Single Account bundles. Card-to-card transfers by phone or QR, loan repayments, fines, insurance, and Kyiv public transport ticketing each emit different identifiers, yet all land in the same “last operations” history the app advertises for household bookkeeping.

Utility bill payment statement export — Structured rows for provider name, personal account or contract code, amount, timestamp, and channel (Visa, Mastercard, Maestro, Visa Electron) become month-end accrual evidence for property managers reconciling dozens of flats.

Card-to-card transfer reconciliation — Phone-number routing and QR-initiated pushes produce counterparty handles that ERP teams can match against treasury files when employees reimburse field staff through Portmone instead of slower wire templates.

Kyiv Smart Card mobility ledgers — Trip bundles purchased inside the wallet yield ticket counts, smart-card numbers, and instant credit events that HR mobility programs can ingest next to corporate taxi invoices.

Feature modules mapped to integration work

Recurring utilities & Single Account ingestion

Screens that locate bills by address or contract bundle gas, water, light, sewage, and heating into one payment event. Field notes describe how meter periods, arrears flags, and rounding rules appear so data engineers can normalize them against municipal tariff tables.

Concrete use: property operators automate accrual postings per apartment block instead of reconciling PDF scans from each utility portal.

Card-to-card and QR transfer APIs (authorized flows)

We document sender PAN token references, recipient phone bindings, currency assumptions in UAH, and status transitions that resemble payment initiation reporting under Ukraine’s evolving Open Banking regulation—always paired with explicit user consent artifacts.

Concrete use: payroll teams validate that per diem pushes match shift schedules by comparing QR batch IDs with HRIS exports.

Merchant H2H JSON notification mirror

Official partner documentation specifies HTTPS host-to-host traffic, XML or JSON callbacks to a merchant-provided URL, and separate 3-D Secure endpoints. We draft listener stubs that validate signatures, idempotency keys, and failure codes so finance controllers see the same state machine the gateway emits.

Concrete use: SaaS billing teams reconcile hosted checkout sessions with internal invoice rows without polling end users.

Transport ticketing & entertainment catalog feeds

Kyiv ground and metro tickets, cinema, theater, concerts, and games each carry distinct merchant descriptors. Mapping those descriptors to ISO merchant categories prevents double counting when loyalty analysts join Portmone files with bank-issued card data.

Concrete use: city mobility studies compare Smart Card reload cadence against ride-hailing spend in the same household.

Insurance, education, and trade-network payments

Auxiliary services—insurance premiums, school fees, retail chain invoices—often include policy numbers or student identifiers in memo fields. Extraction playbooks show how to lift those tokens for CRM deduplication while redacting national ID fragments.

Concrete use: edtech finance teams prove tuition was paid on time for scholarship audits.

“Last operations” history as an operational data store

Because the product markets a running ledger of recent actions, analysts can treat it as an append-only feed analogous to account-information services, noting timestamps, channel icons, and reversal markers when disputes occur.

Concrete use: fraud desks replay short windows around suspicious login attempts without exporting an entire year of unrelated cinema tickets.

Core benefits for data and product teams

Finance-grade lineage

Each integration blueprint names the originating screen (utilities hub, transfers tab, Smart Card module), the identifier set (contract, phone, smart-card number), and the settlement rail (card network vs internal wallet balance). That lineage shortens SOC 2 evidence collection because auditors can trace a metric to a user-visible confirmation.

Dual-track delivery

Teams that already signed Portmone merchant agreements receive hardened webhook parsers and key rotation runbooks, while authorized aggregators focused on household visibility receive field dictionaries aligned with Ukrainian Open Banking consent language published by the National Bank of Ukraine.

Operational clarity

Instead of ad-hoc screenshots, engineers inherit OpenAPI sketches, fixture JSON, and negative tests for throttling, partial payments, and duplicate notifications—cutting mean time to detect integration drift after app updates.

Vendor-neutral storage

Normalized tables separate PII (phone, address lookups) from payment facts (amount, currency, merchant category), which keeps data minimization policies intact when the same warehouse also stores Privat24 or monobank exports.

Screenshots

Tap any thumbnail to view the full-resolution Play Store capture. The grid stays compact by default; enlarged images open in a simple overlay you can dismiss with Escape or by clicking outside the photo.

Data available for integration (OpenData perspective)

The matrix below ties observable Portmone capabilities to integration outcomes. Where official partner APIs exist, we cross-link implementation requirements (TLS 1.2, notification URLs, CSE for card data). Consumer-facing rows describe the business objects implied by marketing copy and in-app flows rather than undocumented private endpoints.

Data type	Source surface	Granularity	Typical use
Utility settlement lines	Gas / water / electricity / heating / sewage with Single Account search	Per contract, per payment, often monthly cadence	Property cost allocation, carbon accounting proxies, delinquency monitoring
Telecom and ISP recharge events	Mobile top-up, Triolan / Volya / Vega / Lanet style internet-TV payments	Per MSISDN or subscriber id	Churn prevention, bundle upsell analytics for regional ISPs
Card-to-card transfer confirmations	Transfers hub using Visa, Mastercard, Maestro, Visa Electron, phone or QR routing	Per transfer with timestamps and channel metadata	Employee reimbursement auditing, informal caregiver stipend tracking
Kyiv Smart Card trip purchases	Transport module for ground and metro	Per smart-card number and trip bundle	Mobility benefits compliance, commuter subsidies reconciliation
Budget and tax remittances	Budget payments for SSC, income tax, military duty, property tax	Per declaration reference	Quarterly close support for sole proprietors, payroll tax alignment
Merchant H2H payment statuses	Partner gateway callbacks documented for PCI environments	Per shop order id with async JSON/XML payloads	Hosted checkout reconciliation, dunning automation when authorizations fail

Typical integration scenarios

Scenario A — Multi-unit housing statements

Business context: A Kyiv facility manager pays utilities for forty flats and must prove each transfer to owners’ associations.

Data involved: Contract numbers, meter periods, UAH amounts, timestamps from the utilities grid, plus optional address lookup keys.

OpenData mapping: Rows resemble account-information service extracts because each payment references a stable provider + personal account tuple, letting you join external tariff APIs published as open data by regulators.

Scenario B — Field staff per diem via phone transfers

Business context: Logistics supervisors push UAH advances to drivers’ phones between bank cutoffs.

Data involved: Phone-based card routes, QR fallback codes, reversal flags inside last operations.

OpenFinance mapping: Treat the feed like a lightweight payment initiation log—each entry stores an intent (push), execution channel, and settlement state comparable to PISP confirmation payloads under NBU Open Banking guidance.

Scenario C — Merchant SaaS with Portmone checkout

Business context: An ISV already on the partner program wants deterministic mirrors of asynchronous approvals.

Data involved: JSON notifications, bill identifiers, error codes from host-to-host docs, 3DS challenge results.

OpenData mapping: Webhooks become the system of record that data lakes ingest hourly, while CRM retains only non-sensitive order metadata.

Scenario D — Municipal mobility stipends

Business context: Employers subsidize Kyiv Smart Card reloads for night-shift nurses.

Data involved: Smart-card numbers, number of trips purchased, purchase timestamps, card template used for funding.

OpenData mapping: Join trip bundles with HR roster IDs (hashed) to prove eligibility without exposing full card PANs.

Scenario E — Micro-business fiscal calendar

Business context: Accountants consolidate budget payments for private entrepreneurs across Portmone and bank portals.

Data involved: Payment purpose codes, SSC receipts, military duty lines, single tax confirmations.

OpenFinance mapping: Align memo fields with chart-of-account dimensions mandated by Ukrainian tax reporting, then cross-check against official treasury confirmation numbers when those APIs are available.

Technical implementation notes

Snippet 1 — Merchant notification listener (pseudocode)

// Pseudocode: verify Portmone-style async JSON callback
POST /hooks/portmone/payment
Content-Type: application/json
X-Signature: sha256=<HMAC_OF_RAW_BODY>

{
  "shopOrderNumber": "INV-204918",
  "billId": "pm-88321",
  "status": "ACCEPTED",
  "authCode": "493021",
  "amount": "1250.00",
  "currency": "UAH",
  "errorCode": "0"
}

// Handler steps:
// 1) Load merchant secret from KMS (never from git)
// 2) Recompute HMAC on raw bytes; constant-time compare
// 3) Upsert payment_fact by billId with status + authCode
// 4) If duplicate billId with same status → 200 OK idempotent exit
// 5) On mismatch → 401 and alert SIEM channel

Snippet 2 — Authorized “last operations” pull (illustrative REST)

// Illustrative internal API after lawful aggregation
GET /internal/v1/portmone/operations?from=2026-03-01&to=2026-03-31&category=utilities
Authorization: Bearer <USER_CONSENT_TOKEN>

200 OK
{
  "items": [
    {
      "operation_id": "op_918273",
      "posted_at": "2026-03-12T09:41:11+02:00",
      "amount": "842.35",
      "currency": "UAH",
      "counterparty": "Kyivteploenergo",
      "contract": "001234567890",
      "channel": "mastercard_token",
      "status": "settled"
    }
  ],
  "next_cursor": "eyJpIjoxMjB9"
}

Snippet 3 — Session refresh with step-up handling

// Pseudocode: refresh user-authorized session
POST /auth/portmone/refresh
{
  "refresh_token": "prt_***",
  "device_binding": "fp_sha256:ab12...",
  "mfa_hint": "sms_last4:4821"
}

403 MFA_REQUIRED
{ "challenge_id": "ch_991", "methods": ["otp_sms","push"] }

// Client completes OTP, then:
POST /auth/portmone/mfa
{ "challenge_id": "ch_991", "otp": "482193" }

200 OK
{ "access_token": "...", "expires_in": 900 }

Compliance & privacy

Ukraine regulatory stack

The Law of Ukraine on Payment Services and National Bank of Ukraine implementing acts govern payment service providers, strong customer authentication, cybersecurity expectations for payment-market participants, and the national Open Banking framework that defines how banks and third parties exchange account data with consent.

Portmone publicly cites PCI DSS audit coverage for its consumer-facing security story; merchant integrations additionally require TLS 1.2, encrypted cardholder data via client-side encryption helpers, and tightly scoped credentials issued after contractual onboarding.

Cross-border privacy overlays

Teams storing Ukrainian household data inside EU analytics tenants must still honor GDPR articles on lawful basis, data minimization, and breach notification timelines even when the primary processor is Ukrainian.

Our deliverables include processing records that list lawful bases, retention windows for phone-derived transfer indexes, and pseudonymization recipes before data crosses regions.

Data flow / architecture

Capture node: Authorized mobile or merchant listeners collect JSON/XML payloads or UI-consistent exports under explicit user mandates.
Normalization service: Maps provider-specific codes to canonical enums (utilities, transport, taxes) and attaches geospatial keys when address lookups occur.
Secure lake segment: Stores encrypted PII shards separately from payment facts, mirroring PCI segmentation guidance for partners.
Downstream APIs: ERP connectors, BI dashboards, and anomaly detectors read curated views with row-level security keyed to property or employer identifiers.

This four-node chain keeps ingestion reversible: if Portmone adjusts a descriptor string in a store update, versioned transformation rules let you replay the last thirty days without re-contacting end users.

Market positioning & user profile

Portmone positions itself as Ukraine’s large independent online payment platform spanning more than a thousand billers, with consumer apps on Android (com.portmone2.android) and iOS alongside merchant-facing SDKs. Primary users are households paying utilities and telecom, gig workers moving money by phone, commuters reloading Kyiv Smart Cards, and micro-business owners remitting taxes or SSC contributions without visiting a branch. In 2024, consumer and partner outlets kept highlighting Portmone’s Kyiv Smart Card reload lane—often calling out instant crediting, saved-card templates, and commission-free top-ups—as the mobility companion to its utilities stack, which helps data teams treat metro and surface-transport purchases as first-class ledger lines instead of occasional anomalies. Regional trade press documented the Smart Card top-up path as an instant, commission-free differentiator versus pure-bank wallets, underscoring how mobility payments now sit beside traditional card-to-card flows inside the same “last operations” timeline. International audiences encounter the app through multilingual store listings, yet the deepest catalog remains Ukraine-centric providers (Vodafone, Kyivstar, Triolan, municipal kindergartens in Kyiv, etc.), so integration narratives should foreground UAH settlement behavior and local identification fields.

Similar apps & integration landscape

Privat24

PrivatBank’s super-app stores card-to-IBAN transfers, international rails, and utility templates. Teams that split bills between Portmone and Privat24 often need unified Ukrainian Open Banking consent flows so accountants can deduplicate the same electricity contract paid from two wallets.

PUMB Online Bank 24/7

First Ukrainian Bank’s mobile stack bundles transfers, Western Union family rails, and cashback programs. Its data model complements Portmone when enterprises standardize on PUMB corporate cards but employees still use Portmone for municipal school meals.

monobank

The unicorn-style digital bank issues virtual cards quickly and pushes scheduled utilities. Analysts comparing monobank’s retail momentum with Portmone’s biller catalog frequently request cross-wallet spend classification so marketing teams avoid double-counting telecom refills.

EasyPay

EasyPay’s instant internet payments include card top-ups for other brands. Merchants studying interchange-minimization strategies evaluate how EasyPay receipts align with Portmone host-to-host JSON for the same acquiring chain.

Sense SuperApp

Sense blends banking, utilities, and lifestyle perks such as Mastercard-driven gamification. Households that experiment with Sense’s fee-free utilities still keep Portmone for niche billers, which makes multi-app statement stitching a recurring integration ask.

Raiffeisen Online

Raiffeisen Bank Ukraine’s online channels emphasize FX, deposits, and Apple Pay-ready cards. Treasury groups pair Raiffeisen liquidity with Portmone’s faster phone transfers when field teams lack IBAN details.

Oschad 24/7

Oschadbank’s mobile footprint reaches state-sector salary cards and social payouts. Public-sector contractors sometimes pay suppliers via Portmone while salaries land on Oschad cards, driving demand for joined-up audit trails.

NovaPay

Nova Poshta’s payment layer handles logistics-linked settlements. E-commerce sellers reconciling COD remittances alongside Portmone checkout sessions want consistent merchant descriptors across both apps.

API integration instructions

Confirm track: Decide whether you are integrating the documented Portmone.com partner gateway (requires PCI DSS scope, payee identifiers, TLS 1.2 endpoints, and notification URLs) or an authorized aggregation of end-user wallet history for analytics.
Provision secrets: Store login, password, payee id, and signing keys in a managed vault; rotate quarterly and log every decrypt event.
Implement CSE where required: Follow official client-side encryption scripts before card data ever touches your servers, shrinking PCI footprint.
Wire callbacks: Expose an HTTPS listener that accepts JSON or XML payloads, validates signatures, persists idempotent keys, and surfaces structured errors to support teams.
Map statuses: Align gateway states (authorized, captured, declined, chargeback) with your internal invoice model; include 3DS challenge metadata for dispute defense.
Test matrix: Cover partial approvals, duplicate notifications, clock skew, and network retries; include fixtures for Kyiv-specific billers to catch Unicode issues in addresses.

Official references live on docs.portmone.com.ua, including Payment Gateway, host-to-host JSON, Apple Pay, Google Pay, and SDK modules; this page does not replace those contracts but shows how to translate them into data engineering tasks.

Deliverables, studio profile, and contact

What we deliver

OpenAPI sketches for merchant listeners and internal aggregation services.
Protocol and authorization flow reports with sequence diagrams for OTP, push, and device-binding steps.
Runnable Python or Node.js samples for webhook verification, cursor pagination, and error taxonomies.
Automated pytest / Jest suites with replayable JSON fixtures.
Operator documentation describing how to request Portmone transaction history API integration scopes from business stakeholders lawfully.

About our studio

We are an engineering-led studio that pairs mobile app interface analysis with authorized API work across fintech and retail. Practitioners on the team have shipped PCI-scoped gateways, PSD2-style consent UX in EU, and Ukraine-specific payment projects where NBU regulations intersect with everyday wallet behavior.

We document reverse-engineered flows only where customers supply contracts proving legitimacy, preferring official host-to-host JSON channels whenever Portmone already exposes them to partners.

Contact

Share the target app name (Portmone: utility, transfers), desired datasets, and evidence of user or merchant authorization. We respond with a scoped statement of work and sample milestones.

Open the contact page

Engagement workflow

Discovery call covering utilities, transfers, transport, merchant checkout, and compliance boundaries.
Interface documentation sprint with daily diffs against docs.portmone.com.ua releases.
Implementation sprint for collectors, transformers, and webhook hardening.
Validation window with shadow traffic on sanitized fixtures.
Handover of runbooks, DPIA annexes, and operator training for Ukrainian Open Banking consent capture.

FAQ

Do you replace Portmone’s official partner onboarding?

No. We accelerate engineering once contracts and PCI scope exist, and we help interpret notification payloads.

Can you scrape data without user consent?

No. We refuse engagements that lack documented authorization, and we steer teams toward lawful aggregation patterns.

How do you stay current?

We monitor store listings, partner documentation, and NBU Open Banking updates—recent trade coverage emphasized Portmone’s Kyiv Smart Card reload path as a commuter-facing differentiator, which we reflect in mobility data models.

Original app overview (collapsed appendix)

Portmone markets itself as a smartphone-first payment system for transferring money, topping up mobile lines, and paying bills in a few taps. Users manage accounts on the go, execute cash transactions on Visa and Mastercard products in one touch, and rely on a mobile e-wallet positioned as easy, fast, and safe.

Recurring payments cover mobile replenishment for Vodafone, Lifecell, Kyivstar, Intertelecom, and others; internet and television providers such as Triolan, Volya, Vega, and Lanet; utilities including gas, water, light, electricity, sewage, and heating with Single Account support; and address-based bill discovery.

Transfer features include card-to-card flows across Visa, Mastercard, Visa Electron, and Maestro using phone numbers or QR codes, loan repayments, driver fines, cinema and transport tickets, receiving money via phone or QR, and budget payments for taxes and social contributions. Additional services span insurance, retail chain payments, education fees, periodicals, security subscriptions, municipal kindergarten meals in Kyiv, transfers by bank details, games, and entertainment.

Kyiv public transport integrates through Kyiv Smart Card top-ups for ground and metro travel. Payment templates, multiple payment methods, “last operations” history, and PCI DSS audit assurance round out the consumer promise.