Find your expert

Open Banking and the Payment Services Directive II

Third Party Providers

Open Banking

Open Banking is the name used by financial services industry when referring to services allowing payment account holders to share their financial information with, and make payments to, banks and other authorised organisations. This change was led by the UK’s Competition and Markets Authority (CMA) to bring more competition and innovation to the financial services industry.

Open Banking uses a secure system which allows you to tell your bank directly that you’re agreeing to use a regulated Third Party Provider (TPP). When you use the TPP to access your payment account you’ll be directed to your account provider to give your agreement.

The important aspect of Open Banking is that it's up to you if you want to share your data. Open Banking gives the opportunity to share your information, but only if you expressly give your permission.

Payment Services Directive

The Payment Service Directive (PSD) is European law, which is translated into UK law as the Payment Services Regulation. This law tells banks and other providers how they have to process payments and other services linked to providing payment services. The PSD was updated, and one of the changes introduced similar services to those contained in the UK’s pen Banking rules.

The PSD changes mean that TPPs can (with your express permission) access information about your accounts and make payments on your behalf. This includes any payment account you can access online (such as current accounts, credit cards and some savings accounts).

Information for customers

Open Banking was set up by the Competition & Markets Authority on behalf of the UK Government. You can give permitted companies (Third Party Providers or TPPs) access to your accounts, so they can provide you with the following services:

  • Account information: you can see your account information perhaps combined with other information such as all of your accounts with all providers in one place on a mobile app or online. Examples of companies providing this service include cloud accounting providers, other banks and data service providers. We have expanded this service to include all payment account products; current accounts, certain savings accounts and foreign currency accounts.
  • Payment Initiation: this allows payments to be initiated with your consent through the TPP, as an alternative to using another payment facility like a debit or credit card. This service offers the following Payment Functionality:
    • Faster Payments (immediate & future dated)
    • Standing Orders
    • Chaps (immediate & future dated)
    • International Payments
    • File Based Payments (Bulk & Batch)
    • Variable Recurring Payments (Sweeping)

Multi-Authorisation is available for all payment types except Sweeping.

  • Confirmation of Funds: this gives the TPP (Card Based Payment Instrument Issuer) the ability to confirm if you have available funds in your payment account prior to you using their card for a purchase

Giving your consent

Before you give consent for any TPP to access your accounts, it’s important that you understand the services they’re providing and how they’ll use your information, including if they’ll be sharing it with anyone.

  • When using the TPP service, you’ll be redirected to  Santander where we'll take you through a detailed online authorisation process.  Please note, these screens will look different to your usual online banking screen in Connect. You will still need either your Santander Security Device or your mobile authentication app to complete the consent process.
  • You should take reasonable steps to ensure that the company is legitimate before doing this. Remember, you should never share a code from your security device with another person, not even a Santander employee. In all cases, be vigilant and check the transactions on your account regularly. Once the TPP has your consent and has obtained access to your information, we can’t control how it will be used. Visit our fraud pages for more information.

 

Be Safe

Know your rights

  • TPPs can only provide these services if you agree and they can only access the accounts you have given your consent for.
  • TPPs have to provide key information about their services. This should include what data they’ll have access to and how they’ll use it or share it. They’ll also have to tell you what to do if you’re not happy with the service.
  • You can withdraw your consent at any time by accessing the Open Banking connections page (in the Account Information menu) in Connect. Alternatively, you can contact the TPP or call us on 0333 207 2317 between 8am and 5:30pm Monday to Friday.
  • We may refuse to give access to a TPP, for example, if we believe there is a risk of fraud.

Take responsibility

  • Take reasonable steps to check a TPP is legitimate. Ask them for more details, for example who they are regulated by. UK based TPPs must be registered with the Financial Conduct Authority (FCA). You can check the FCA register at: register.fca.org.uk/
  • Be alert. You should be vigilant to fraud when using these services. If there is a reason to suspect that the TPP is not who they claim to be, don’t disclose any information. A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details unless it is to use a service that you have signed up to, and you are sure that the request for your information is directly related.
  • Understand what you are agreeing to, by making sure you read the terms and conditions of the TPP carefully.
  • Regularly check your accounts and if you notice any activity you don’t recognise, call us immediately on 0800 085 2090.

Keep safe from fraud

  • Never share a code from your security device with another person, not even a Santander employee.
  • Never download software or let anyone log on to your computer or devices remotely during or after a cold call.
  • Never enter your logon details after clicking on a link in an email or text message.

For more information on how to protect yourself visit our fraud pages for more information.

Information for TPPs

If you are a TPP providing account information or payment initiation services and want to read more about how to use/access our APIs, you can find the technical specifications on our Developer Portal.

 

Frequently Asked Questions