Third party providers: Open Banking and the Payment Services Directive

Open Banking

Open Banking is the name used by the financial industry when referring to new services allowing current account holders to share their financial information with, and make payments to, banks and other authorised organisations. This change was led by the UK’s Competition and Markets Authority (CMA) to bring more competition and innovation to the financial services industry.

Open Banking uses a secure system which allows you to tell your bank directly that you’re agreeing to use a third party provider (TPP). When you’re registering with the TPP you’ll be directed to your account provider to give your agreement and you don’t need to share your Santander Connect Online Banking details with the TPP.

The important aspect of Open Banking is that it's up to you if you want to share your data. Open Banking gives the opportunity to share your information, but only if you expressly give your permission.

Payment Services Directive

The Payment Service Directive (PSD) is European law, which is translated into UK law as the Payment Services Regulation. This law tells banks and other providers how they have to process payments and other services linked to providing payment services. The PSD was updated, and one of the changes introduced similar services to those contained in the UK’s Open Banking rules.

The PSD changes mean that TPPs can (with your express permission) access information about accounts and make payments on your behalf. The accounts include any payment account customers can access online (such as current accounts, credit cards and some savings accounts). Some of these accounts can’t yet be accessed using the method introduced for Open Banking and so to access information some TPPs may ask for your Santander Connect Online Banking details.

Information for customers

Open Banking was set up by the Competition & Markets Authority on behalf of the UK Government. You can give permitted companies (Third Party Providers or TPPs) access to your accounts, so they can provide you with two services:

  • Account aggregation: you can see your accounts with different providers all in one place on a mobile app or online. Examples of companies providing this service include price comparison websites, and banks and building societies.
  • Payment initiation: This will enable online payments to be made on your behalf, as an alternative to using your debit or credit card. Some online retailers will be providing this service.

TPPs can only access your information and provide these type of services if you’re registered for Santander Connect Online Banking and you provide your consent.

Giving your consent

Before you give consent for any TPP to access your accounts, it’s important that you understand the services they’re providing and how they’ll use your information, including if they’ll be sharing it with anyone.

  • When using the TPP service, you’ll be redirected to a new Santander login page to provide consent to your account. Please note, these screens will look different to your usual online banking screen on Connect. You’ll still need your Santander Security Device to complete the consent process.
  • Some TPPs may not be able to access your accounts in this way, so may ask you to share your log on details with them. You should take reasonable steps to ensure that the company is legitimate before doing this. Remember, you should never share a code from your security device with another person, not even a Santander employee. In all cases, be vigilant and check the transactions on your account regularly. Once the TPP has your consent and has obtained access to your information, we can’t control how it will be used. Visit our fraud pages for more information.

Remember, you can withdraw your consent at any time by contacting us or the TPP. See the FAQs below for more information.

Be Safe

Know your rights

  • TPPs can only provide these services if you agree and they can only access the accounts you have given your consent for.
  • TPPs have to provide key information about their services. This should include what data they’ll have access to and how they’ll use it or share it. They’ll also have to tell you what to do if you’re not happy with the service.
  • You can withdraw your consent at any time by accessing the Third Party Consents page (in the Account Information menu) in Connect. Alternatively, you can contact the TPP or call us on 0800 085 1580 between 8am and 6pm Monday to Friday and 8am and 2pm on Saturday.
  • We may refuse to give access to a TPP, for example, if we believe there is a risk of fraud.

Take responsibility

  • Take reasonable steps to check a TPP is legitimate. Ask them for more details, for example who they are regulated by. UK based TPPs must be registered with the Financial Conduct Authority (FCA), with the exception of those who started operating before 12 January 2016. You can check the FCA register at: register.fca.org.uk/
  • Be alert. You should be vigilant to fraud when using these services. If there is a reason to suspect that the TPP is not who they claim to be, don’t disclose any information. A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details unless it is to use a service that you have signed up to, and you are sure that the request for your information is directly related.
  • Understand what you are agreeing to, by making sure you read the terms and conditions of the TPP carefully.
  • Regularly check your accounts and if you notice any activity you don’t recognise, call us immediately on 0800 085 2090.

Understand the consequences

  • Once you have authorised a TPP to make a payment, you may not be able to stop it.

Keep safe from fraud

  • Never share a code from your security device with another person, not even a Santander employee.
  • Never download software or let anyone log on to your computer or devices remotely during or after a cold call.
  • Never enter your logon details after clicking on a link in an email or text message.

For more information on how to protect yourself visit our fraud pages for more information.

Information for TPPs

If you are a TPP providing account information or payment initiation services and want to read more about how to use/access our APIs, you can find the technical specifications on our Developer Portal.

Frequently Asked Questions

Which accounts can I give a TPP access to?

You can give access to your Corporate Current Account with single authorisation. The access level will vary depending on the TPP offering the service.

TPPs who you share your Connect login details with will be able to access information about all of your accounts that are accessible in your Online Banking.

How long is the consent I've given to a TPP valid for?

This should be made clear to you by the TPP when you are agreeing to use their services. In some instances it may be limited to 90 days.

For account information consents you can withdraw your consent at any time. For more information see the ‘How do I withdraw my consent’ question below.

For payment initiation services, your consent will be required every time a TPP initiates a payment on your behalf. The payments will normally come out of your account straight away, although they can take longer (up to 90 days).

How do I withdraw my consent?

You can stop consent at any time by accessing the Third Party Consents page (in the Account Information menu) when you log on to Connect. Alternatively, you can contact the TPP to cancel the access to your accounts, or you can call us on 0800 085 1580 between 8am and 6pm Monday to Friday and 8am and 3pm on Saturday.

If you’ve provided a TPP with your Online Banking log on details, requesting new ones might be the only way to ensure the access is no longer possible.

What can I do if I want to stop a payment initiated by a TPP?

You should contact the TPP directly. Once you have authorised the payment, we won’t be able to stop it.

The payments will normally come out of your account straight away, although they can take longer (up to 90 days).

What should I do if I notice a payment I didn't authorise?

You should check your accounts regularly and if you notice any payments you do not recognise, contact us as soon as possible.

You can call us on 0800 085 2090 Monday to Friday 8am to 5:30pm.

For more information about responsibility for unauthorised transactions please see the terms and conditions of your Santander account.

Where can I find out more information about TPPs and their services?

For more information you may want to visit: The Open Banking and the Financial Conduct Authority websites.

 

Open Banking,CMA,Third Party,Third Party Providers,TPP

Protecting your money - Financial Services Compensation Scheme (Opens in a new window)