Open Banking and the Payment Services Directive II

Open Banking

Open Banking is the name used by financial services industry when referring to new services allowing payment account holders to share their financial information with, and make payments to, banks and other authorised organisations. This change was led by the UK’s Competition and Markets Authority (CMA) to bring more competition and innovation to the financial services industry.

Open Banking uses a secure system which allows you to tell your bank directly that you’re agreeing to use a regulated Third Party Provider (TPP). When you use the TPP to access your payment account you’ll be directed to your account provider to give your agreement.

The important aspect of Open Banking is that it's up to you if you want to share your data. Open Banking gives the opportunity to share your information, but only if you expressly give your permission.

Payment Services Directive

The Payment Service Directive (PSD) is European law, which is translated into UK law as the Payment Services Regulation. This law tells banks and other providers how they have to process payments and other services linked to providing payment services. The PSD was updated, and one of the changes introduced similar services to those contained in the UK’s pen Banking rules.

The PSD changes mean that TPPs can (with your express permission) access information about your accounts and make payments on your behalf. This includes any payment account you can access online (such as current accounts, credit cards and some savings accounts).

Information for customers

Open Banking was set up by the Competition & Markets Authority on behalf of the UK Government. You can give permitted companies (Third Party Providers or TPPs) access to your accounts, so they can provide you with three services:

  • Account information: you can see your account information perhaps combined with other information such as all of your accounts with all providers in one place on a mobile app or online. Examples of companies providing this service include cloud accounting providers, other banks and data service providers. We have expanded this service to include all payment account products; current accounts, certain savings accounts and foreign currency accounts.
  • Payment Initiation: this allows payments to be initiated with your consent through the TPP, as an alternative to using another payment facility like a debit or credit card. This service offers the following Payment Functionality:
    • Faster Payments (immediate & future dated)
    • Standing Orders
    • Chaps (immediate & future dated)
    • International Payments
    • File Based Payments (Bulk & Batch)

Multi-Authorisation is available for all payment types (the ability for different users to authorize the payment initiated through the TPP on your Santander payment account).

  • Confirmation of Funds: this gives the TPP (Card Based Payment Instrument Issuer) the ability to confirm if you have available funds in your payment account prior to you using their card for a purchase

Giving your consent

Before you give consent for any TPP to access your accounts, it’s important that you understand the services they’re providing and how they’ll use your information, including if they’ll be sharing it with anyone.

  • When using the TPP service, you’ll be redirected to a new Santander login page to provide consent to your account. Please note, these screens will look different to your usual online banking screen on Connect. You’ll still need your Santander Security Device to complete the consent process.
  • You should take reasonable steps to ensure that the company is legitimate before doing this. Remember, you should never share a code from your security device with another person, not even a Santander employee. In all cases, be vigilant and check the transactions on your account regularly. Once the TPP has your consent and has obtained access to your information, we can’t control how it will be used. Visit our fraud pages for more information.

Be Safe

Know your rights

  • TPPs can only provide these services if you agree and they can only access the accounts you have given your consent for.
  • TPPs have to provide key information about their services. This should include what data they’ll have access to and how they’ll use it or share it. They’ll also have to tell you what to do if you’re not happy with the service.
  • You can withdraw your consent at any time by accessing the Third Party Consents page (in the Account Information menu) in Connect. Alternatively, you can contact the TPP or call us on 0800 085 1580 between 8am and 6pm Monday to Friday and 8am and 2pm on Saturday.
  • We may refuse to give access to a TPP, for example, if we believe there is a risk of fraud.

Take responsibility

  • Take reasonable steps to check a TPP is legitimate. Ask them for more details, for example who they are regulated by. UK based TPPs must be registered with the Financial Conduct Authority (FCA), with the exception of those who started operating before 12 January 2016. You can check the FCA register at: register.fca.org.uk/
  • Be alert. You should be vigilant to fraud when using these services. If there is a reason to suspect that the TPP is not who they claim to be, don’t disclose any information. A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details unless it is to use a service that you have signed up to, and you are sure that the request for your information is directly related.
  • Understand what you are agreeing to, by making sure you read the terms and conditions of the TPP carefully.
  • Regularly check your accounts and if you notice any activity you don’t recognise, call us immediately on 0800 085 2090.

Keep safe from fraud

  • Never share a code from your security device with another person, not even a Santander employee.
  • Never download software or let anyone log on to your computer or devices remotely during or after a cold call.
  • Never enter your logon details after clicking on a link in an email or text message.

For more information on how to protect yourself visit our fraud pages for more information.

Information for TPPs

If you are a TPP providing account information or payment initiation services and want to read more about how to use/access our APIs, you can find the technical specifications on our Developer Portal.

Frequently Asked Questions

Which accounts can I give a TPP access to?

You can give access to your Corporate Payment Accounts. The access level will vary depending on the TPP offering the service.

How long is the consent I've given to a TPP valid for?

This should be made clear to you by the TPP when you are agreeing to use their services. In some instances it may be limited to 90 days.

For account information and confirmation of funds consents you can withdraw your consent at any time. For more information see the ‘How do I withdraw my consent’ question below.

For payment initiation services, dependent on the payment type, you’ll need to do one of the following:

  • Single immediate payments - you will have to give your consent every time a TPP initiates a payment on your behalf. The payments will normally come out of your account straight away, although they can take longer. Once you’ve authorised a payment, we won’t be able to stop it.
  • Standing order – you will need to give your consent during the set up of the standing order. Once the consent is given, your scheduled payments will work as normal.
  • Future dated payments – you will need to give your consent every time you wish to set up a future dated payment. Once the consent is given, your scheduled payment will work as normal.
  • International payments: you’ll need to give your consent every time a TPP initiates a payment on your behalf. If it’s an immediate payment it will normally come out of your account straightaway and you’ll be able to see the rate used in Online and Mobile Banking or on your statements. 
  • Chaps payments - you will need to give your consent every time a TPP initiates a payment on your behalf. If this is an immediate payment, we won’t be able to stop it. Scheduled payments will work as normal 
  • File Based payments – you will need to give your consent every time a TPP initiates a payment on your behalf. This consent will be for the whole file and all the payments contained within. If this is an immediate payment, we won’t be able to stop it. Scheduled payments will work as normal. For file payment uploads, if there are problems with any of the payee credentials the file will still be processed. You will need to review your statements to identify which payments have not been processed. 
  • If you have any queries related to your transactions, please contact us on 0800 085 1580 between 8am and 6pm Monday to Friday and 8 am and 2pm on Saturday.
How do I withdraw my consent?

You can stop consent at any time by accessing the Third Party Consents page (in the Account Information menu) when you log on to Connect. Alternatively, you can contact the TPP to cancel the access to your accounts, or you can call us on 0800 085 1580 between 8am and 6pm Monday to Friday and 8am and 2pm on Saturday.

What can I do if I want to stop a payment initiated by a TPP?

You should contact the TPP directly. Once you have authorised the payment, we won’t be able to stop it.

The payments will normally come out of your account straight away, although they can take longer.

If you wish to stop or amend a standing order or future dated payment instruction set up through TPP, you can do this online or by calling us on 0800 085 1580 between 8am and 6pm Monday to Friday and 8am and 2pm on Saturday.

What should I do if I notice a payment I didn't authorise?

You should check your accounts regularly and if you notice any payments you do not recognise, contact us as soon as possible.

You can call us on 0800 085 2090 Monday to Friday 8am to 5:30pm.

For more information about responsibility for unauthorised transactions please see the terms and conditions of your Santander account.

Can I use the payment services available through a TPP if I multi authorisation set up on my account?

Yes, payment services offered by a TPP can be used if you have multi authorisation set up, depending on the services provided by the TPP.

To authorise a payment initiated through Open Banking, you will need to access the Third Party Consents page within Connect (in the account information menu). Select the Authorise Third Party Payments section, where you will see all Open Banking Payments waiting for authorisation.

Requests can be approved or rejected at this stage. Open Banking Payments cannot be amended.

I have been removed from my Payment Account, but I can still see the data through my TPP?

If you have consented to share your data with a TPP, this could be valid for up to 90 days, if you have since been removed from that account, please revoke the consent through the online dashboard within Connect under the account information section.

Following revocation, you may still be able to see historic information already shared with your TPP.

The name my TPP has changed on my consent and online dashboard, why is that?

A change in the Open banking requirements has resulted in us displaying the TPPs trading name/brand name during the authentication journey and on the dashboard. We no longer display the registered company name of the Third Party Provider.

We may also show the Agent company name (if applicable) within the consent and dashboard, captured as ‘On behalf of’.

Where can I find out more information about TPPs and their services?

For more information you may want to visit: The Open Banking and the Financial Conduct Authority websites.

 

Open Banking,CMA,Third Party,Third Party Providers,TPP

Protecting your money - Financial Services Compensation Scheme (Opens in a new window)