Open Banking and the Payment Services Directive II
Open Banking is the name used by financial services industry when referring to new services allowing payment account holders to share their financial information with, and make payments to, banks and other authorised organisations. This change was led by the UK’s Competition and Markets Authority (CMA) to bring more competition and innovation to the financial services industry.
Open Banking uses a secure system which allows you to tell your bank directly that you’re agreeing to use a regulated Third Party Provider (TPP). When you use the TPP to access your payment account you’ll be directed to your account provider to give your agreement.
The important aspect of Open Banking is that it's up to you if you want to share your data. Open Banking gives the opportunity to share your information, but only if you expressly give your permission.
Payment Services Directive
The Payment Service Directive (PSD) is European law, which is translated into UK law as the Payment Services Regulation. This law tells banks and other providers how they have to process payments and other services linked to providing payment services. The PSD was updated, and one of the changes introduced similar services to those contained in the UK’s pen Banking rules.
The PSD changes mean that TPPs can (with your express permission) access information about your accounts and make payments on your behalf. This includes any payment account you can access online (such as current accounts, credit cards and some savings accounts).
Information for customers
Open Banking was set up by the Competition & Markets Authority on behalf of the UK Government. You can give permitted companies (Third Party Providers or TPPs) access to your accounts, so they can provide you with three services:
- Account information: you can see your account information perhaps combined with other information such as all of your accounts with all providers in one place on a mobile app or online. Examples of companies providing this service include cloud accounting providers, other banks and data service providers. We have expanded this service to include all payment account products; current accounts, certain savings accounts and foreign currency accounts.
- Payment Initiation: this allows payments to be initiated with your consent through the TPP, as an alternative to using another payment facility like a debit or credit card. This service offers the following Payment Functionality:
- Faster Payments (immediate & future dated)
- Standing Orders
- Chaps (immediate & future dated)
- International Payments
- File Based Payments (Bulk & Batch)
Multi-Authorisation is available for all payment types (the ability for different users to authorize the payment initiated through the TPP on your Santander payment account).
- Confirmation of Funds: this gives the TPP (Card Based Payment Instrument Issuer) the ability to confirm if you have available funds in your payment account prior to you using their card for a purchase
Giving your consent
Before you give consent for any TPP to access your accounts, it’s important that you understand the services they’re providing and how they’ll use your information, including if they’ll be sharing it with anyone.
- When using the TPP service, you’ll be redirected to a new Santander login page to provide consent to your account. Please note, these screens will look different to your usual online banking screen on Connect. You’ll still need your Santander Security Device to complete the consent process.
- You should take reasonable steps to ensure that the company is legitimate before doing this. Remember, you should never share a code from your security device with another person, not even a Santander employee. In all cases, be vigilant and check the transactions on your account regularly. Once the TPP has your consent and has obtained access to your information, we can’t control how it will be used. Visit our fraud pages for more information.
Know your rights
- TPPs can only provide these services if you agree and they can only access the accounts you have given your consent for.
- TPPs have to provide key information about their services. This should include what data they’ll have access to and how they’ll use it or share it. They’ll also have to tell you what to do if you’re not happy with the service.
- You can withdraw your consent at any time by accessing the Third Party Consents page (in the Account Information menu) in Connect. Alternatively, you can contact the TPP or call us on 0800 085 1580 between 8am and 6pm Monday to Friday and 8am and 2pm on Saturday.
- We may refuse to give access to a TPP, for example, if we believe there is a risk of fraud.
- Take reasonable steps to check a TPP is legitimate. Ask them for more details, for example who they are regulated by. UK based TPPs must be registered with the Financial Conduct Authority (FCA), with the exception of those who started operating before 12 January 2016. You can check the FCA register at: register.fca.org.uk/
- Be alert. You should be vigilant to fraud when using these services. If there is a reason to suspect that the TPP is not who they claim to be, don’t disclose any information. A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details unless it is to use a service that you have signed up to, and you are sure that the request for your information is directly related.
- Understand what you are agreeing to, by making sure you read the terms and conditions of the TPP carefully.
- Regularly check your accounts and if you notice any activity you don’t recognise, call us immediately on 0800 085 2090.
Keep safe from fraud
- Never share a code from your security device with another person, not even a Santander employee.
- Never download software or let anyone log on to your computer or devices remotely during or after a cold call.
- Never enter your logon details after clicking on a link in an email or text message.
For more information on how to protect yourself visit our fraud pages for more information.
Information for TPPs
If you are a TPP providing account information or payment initiation services and want to read more about how to use/access our APIs, you can find the technical specifications on our Developer Portal.