Third Party Providers (TPPs)

We always tell you ‘never share your Online Services details with anyone else’ but with the introduction of new services known as Open Banking you may choose to allow appropriately authorised and/or registered Third Party Providers (TPPs) access to your payment accounts with us.

The Open Banking industry website has practical information and guidance. Further information can also be obtained on the Financial Conduct Authority (FCA) website

 

Whatever you decide

It is up to you whether you choose to use Open Banking.  You must give your consent to a TPP first before they can access your payment account. We have detailed below how you can make use of and manage the different TPP services available:

Services offered by TPPs

Managing this service

Account Information Services

You will need to use your Online Services security details to authenticate yourself to us in order for the TPP to obtain information on your accounts.

You can view and remove any permissions you’ve given to TPPs through Online Services.

Payment Initiation Service

If you are making a purchase online you may be provided with an option to pay directly from your bank account instead of using a debit or credit card. You will need to use your Online Services security details to authenticate yourself to us in order for the payment to be made. 

You will see the details of your payment within your payment history in Online Services.

Alternative

Some TPPs may ask for your Online Services security details to access your account information or initiate a payment on your behalf. In these circumstances the TPP will access your Online Services directly in the same way as you would.

Please note:  This means we will not be able to identify that it is a TPP and not you accessing your Online Services.  It is therefore very important you are satisfied the TPP is genuine.

Permission to these TPPs can only be removed by changing your PAC.

Card Based Payment Instrument Issuer (CBPII)

A CBPII is a payment services provider that can perform an availability of funds check on your online payment account. Before we respond to such a request you must verify with us by using your Online Services security details that you are permitting such requests on your account. You will only need to grant access to each TPP once. The response given to the TPP will be a ‘Yes/No’ answer only and at no time will this type of TPP have access to your actual account balance.  

You can view and remove any permissions you’ve given to TPPs through Online Services. 

 

What else do I need to know?

If you do choose to use a TPP, you should safeguard the security of your online account(s):

  • by ensuring the TPP is authorised and/or registered by the FCA or another European Regulator by checking the regulator’s website.
  • be aware some TPPs are not registered with a regulator, but have services you may wish to use. The FCA have given guidance to consumers on this, see below
  • by ensuring it is a legitimate site – look for the security padlock icon in the address bar and check to see it has ‘https’ as part of the address.

If you consent to a TPP accessing your account online that is not appropriately authorised and/or registered you may be liable for any loss you suffer as a result.

The FCA have given the following guidance on who can provide these new services and how you can protect yourself.

How do I Report Fraud

How do I Report Fraud

back to security centre

Back to Security Centre Home