Open Banking & Payment Services Regulation

Payment services regulations and Open banking

The Payment Services Regulations 2017 implement new EU rules which govern the provision of payment services. The Regulations deal mainly with electronic payments – they do not cover payments made by cheque or banker’s draft. The Regulations are designed to increase competition in the provision of payment services within the EU. The 2017 Regulations bring into scope new types of payment services (such as Account Information Services (AIS) and Payment Initiation Services (PIS)) and enhance customer protection and security. You can find more information on the enhanced rights for consumers on this webpage.

At the same time the Competition and Markets Authority (CMA) in the UK has been looking at ways in which banks and Building societies could make it easier for financial services providers to offer new products and services and ultimately better choice for customers. As a result of the work of the CMA the concept of Open Banking has been brought about. Open Banking provides a secure way for organisations (like Danske Bank) who are registered with Open Banking to allow customers to share their account information with regulated Third Party Providers (TPPs). Information is shared through a secure interface, known as an Application Programming Interface (API). This will allow customers to avail of new products and services that TPPs offer.

These changes will come into effect on 13th January 2018.

Frequently Asked Questions

You mention enhanced consumer rights under the Regulations – what are these enhanced rights?

The Regulations cover most types of payment service - that is payments into and out of your account using cash or electronic payment systems. They do not cover payments made by cheque or banker’s draft. When you make a payment into or out of your account using one of these means then you will have the following rights:

  • If you have not given your consent to a payment out of your account then you have a right to a refund of the full payment amount and any interest or charges that you had to pay, by the end of the next business day. We set out in the terms and conditions for your account how you give your consent. For example, if you withdraw cash at a cash machine you give your consent by putting your card into the machine and entering your PIN; if you make a payment out of your account when using eBanking/Business eBanking then you give your consent by entering your electronic signature.
  • If you have asked us to make a payment and we have not followed your instructions, for example we have made a mistake and either not made the payment or made it incorrectly, then you have a right to a refund of the full amount and any interest or charges that you had to pay, by the end of the next business day. In these circumstances we will also trace the payment for you free of charge.
  • If you have asked us to make a payment either into or out of your account and we have made the payment later than we should have then you have a right to ask us to put your account (and the account of the person to whom the payment was being made) into the position it would have been in if we had made the payment on time. You can find full details of the timescales that apply to payments in the Payment Table.
  • If you authorise a payment out of your account but at the time that you gave the authorisation you did not know exactly how much you would have to pay (for example when you are hiring a car) you have a right to ask us for a refund if the amount taken out of your account exceeds what you would reasonably have expected to pay. You must make your claim within 8 weeks of the date that the payment is debited to your account.
  • If you make a mistake when making a payment and accidentally send the money to the wrong account then we will make reasonable efforts to help you to recover the money from the incorrect payee. This is called the Credit Payment Recovery process. We cannot guarantee that we will be successful. If this doesn’t work we will also ask the payee’s bank to provide us with the name and address of the payee so that you can use that information to pursue any legal claim you might have to recover the money.

In the terms and conditions we provide more details about these rights and how you can make a claim. You can find this in the General Terms and Conditions – Personal at Clauses 6 and 7.

Will payments be made quicker?

The new regulations provide that all payments which are made within the EEA – irrespective of whether the currency is an EEA currency or not - must be executed by the end of the 4th business day after the payment order is received. For payments in Euro, within the EEA, the payment must be executed by the end of the next business day.

You can find more details about this in the revised Payment Table. You will find that we try to execute payments even faster than we are required to under the Regulations.

I have an agreement with the payee that when I send payments the payee will pay all the bank charges. Why can I not continue to do this?

If you are making a payment in the EEA then after 13 January 2018 you must choose “SHA” when you are making the payment otherwise we will reject the payment. This is because of a change in the law.

You can still choose “BEN” or “OUR” when you are making a payment to someone who is not in the EEA.

I have been told that under the new Regulations you have to provide me with monthly statements – how will you do that?

The Regulations require us to provide you with information about any payment that is made into or out of your account. We must provide this information by sending you a monthly statement if during any month there has been a payment transaction on your account. We will provide statements on paper.

Personal Customers - If you prefer you can opt instead to have your statements made available in your electronic mailbox. If you want to exercise the option then you need to give us your explicit consent – this is the case, even if you currently get your statements electronically.

Business Customers - If you are a Business eBanking user, we will provide your statements to you via paper and also make them available via eArchive. If you prefer, we can “switch off” paper statements and deliver these solely to your eArchive.

If you want to exercise the option then you need to give us your explicit consent – this is the case, even if you currently get your statements electronically.

I am an existing Danske Bank Personal Customer - why do I need to return the ‘Consent for Electronic Statements’ form?

If you currently get your statements electronically then you will be aware of how convenient that is for you. We want you to continue to enjoy the benefits of having your statements accessible to you online and without the need for paper. We need you to confirm that you wish this arrangement to continue.

We have tried to make it as straightforward as possible for you to give us your consent. You can do this in one of the following ways: you can

  • Sign and return the ‘Consent for Electronic Statements’ form that we have sent you;
  • Call into your Branch to complete the ‘Consent for Electronic Statements’ form;
  • Contact your Branch Support Team (this call will be recorded)
  • Communicate your consent via secure mail.
I am an existing Danske Bank Business Customer - why do I need to return the ‘My Choices’ form?

We ask that you complete the “My Choices” form so that you have better control over your statement delivery and how Third Party Providers access your accounts.

If you currently get your statements electronically then you will be aware of how convenient that is for you. We want you to continue to enjoy the benefits of having your statements accessible to you online and without the need for paper. We need you to confirm that you wish this arrangement to continue.

We have tried to make it as straightforward as possible for you to give us your consent. You can do this in one of the following ways: you can

  • If you are a Sole Trader, you can contact Business Direct and give your consent over the telephone. (this call will be recorded)
  • For all other types of Business Accounts, you must sign and complete the form signed in accordance with the mandate held for your account.

If you have Business eBanking Authorised Users, the My Choices form will allow you to control their access to Third Party Providers. If you do not wish to complete this section, your Authorised Users will not be able to use this service.

I have been receiving my statements through eBanking/Business eBanking for years – have I not already given you consent to do this?

Personal Customers - When you registered for eBanking, in most cases, we automatically registered you for Electronic Mailbox which meant that instead of sending your statements on paper we sent them to your Electronic Mailbox.

The new Regulations require us to ‘provide’ your statements to you (we can currently only do this by sending you paper statements). Under the Regulations we can give you the option of having your statements available electronically (in the same way as we do today) but we need you to give us your explicit consent if you want your current arrangement to continue.

Business customers - When you registered for Business eBanking, in most cases, we automatically registered you for eArchive. This meant that instead of sending your statements on paper we sent them to you online.

The new Regulations require us to ‘provide’ your statements to you (we can currently only do this by sending you paper statements). Under the Regulations we can give you the option of having your statements available electronically (in the same way as we do today) but we need you to give us your explicit consent if you want your current arrangement to continue.

What will happen if I don’t return this consent form?

Personal Customers - If we do not receive your consent to send statements to your electronic mailbox in eBanking we will have to start sending your statements on paper. In order to give you time to return the consent form we will not change your current arrangements until July 2018.

Business Customers - If we do not receive your consent to send statements to your eArchive in Business eBanking we will have to start sending your statements on paper. In order to give you time to return the consent form we will not change your current arrangements until July 2018.

I only ever receive paper statements – do I need to do anything?

If you are happy to continue receiving paper statements, you do not need to do anything.

If at a later stage you chose to receive statements via eBanking/Business eBanking, you can register to have them sent to your electronic mailbox (Personal customers) or eArchive (Business Customers). Just contact your Branch to have your account details updated.



Accessing your account using Third Party Providers (TPPs)

What are Third Party Providers (TPPs)?

A TPP is an independent provider of online services. There are two types of TPP:

  • Account Information Service Providers (AISP)
  • Payment Initiation Service Providers (PISP)
What is an AISP?

An AISP (Account Information Service Provider) is a TPP who, with your consent, provides an online service to provide consolidated information on the payment accounts that you hold with more than one payment service provider (such as your bank or building society). An AISP may use your account data to offer you additional services.

What is a PISP?

A PISP (Payment Initiation Service Provider) is a TPP who provides an online service which allows you to initiate a payment out of your account. For example, if you make a purchase online in future you could be offered an alternative way to pay for your goods. At the moment most online payments are made using a debit or credit card. In future, you may also be offered the option to pay online by bank transfer.

How would a TPP access my accounts?

A TPP cannot access your account unless you give it your explicit permission to do so. You also need to be registered for eBanking/Business eBanking to use the services of a TPP.

There are 2 techniques that TPPs can use to access account information:

Open Banking. This is based on the use of an Application Programme Interface (API) which provides a secure method for TPP access.

Screen Scraping. This is an access technique that some TPPs use today to offer services. These TPPs will ask you to share your online banking logon details, so allowing them direct access to the online banking information they require to provide a service. This TPP will have full access to all information that you can see online and as they are effectively logging on as you, Danske Bank cannot identify this activity.

How does Open Banking work?

If you chose to use the services of a TPP you will be directed to a secure Danske Bank screen where you will be able to either authorise the sharing of your account information (when using an AISP) or authorise a payment (when using a PISP). You will be asked to enter your eBanking/Business eBanking logon details – by doing this you are giving your explicit consent to either permit the TPP access to specific account data for a specific time, or to initiate a payment directly from your bank account.

The TPP is required to ensure that your log on details are not accessible to other parties and that they are transmitted through safe and efficient channels. The Open Banking APIs meet these requirements.

Only TPPs which are authorised and regulated by the FCA or another European Regulator will be able to use the Open Banking APIs.

Why are all of the TPPs not using the Open Banking APIs? Is screen-scraping secure?

There are various reasons why some TPP may not use the Open Banking APIs. For example the Open Banking APIs currently only permit certain types of account to be accessed (sterling current accounts). Over the next year the range of accounts that can be accessed using Open Banking APIs will increase.

If the TPP is using screen scraping techniques it still has to comply with its obligations under the Regulations to ensure that your personalised security credentials are not accessible to other parties. It also has to ensure that it has your explicit consent before it can access your account information. You will have the same rights under the Regulations irrespective of which technique the TPP uses. The main difference that you need to be aware of is that a TPP which uses screen-scraping will be able to see everything that you can see when you are accessing your account online and would be able to do everything that you can do when you have accessed your account online.

Before using a TPP you should check that it is authorised and regulated by the FCA or another European Regulator. You can do this by visiting the FCA Financial Services register at fca.org.uk or by checking the European Banking Authority Register at eba.europa.eu

If I have authorised someone to access my accounts using eBanking/Business eBanking will they be able to use the services of TPPs?

You cannot restrict the authority that you have granted to an authorised user of eBanking/Business eBanking where the TPP uses screen-scraping techniques.

Where the TPP uses the Open Banking APIs an authorised user will not be able to access your account using the services of a TPP unless you have specifically authorised this. If you want an authorised user to be able to use the new services then you need to contact us.

Can I see who I have given permissions to?

Within eBanking/Business eBanking a new screen will be available where you will be able to manage TPP permissions that you have already granted. This will allow you to see what permissions you have given through Open Banking and, where appropriate, you will be able to withdraw individual permissions at any time. If you decide to withdraw a permission that you have granted then it will prevent any future access to your account by that TPP (unless you grant a new permission). It will not change any permission to make a payment or give information about your account to a TPP that has already taken place. If you decide to withdraw permission for a TPP you should also contact that TPP.

You will also be able to contact us to change/update/withdraw TPP permissions.

I don’t have eBanking/Business eBanking. Can TPP access my account information or initiate payments from my account?

No. If you do not have eBanking/Business eBanking a TPP cannot request information or initiate payments from your account. If you want to use these new services more information can be found at;

You have always told me never to give my personalised security credentials (such as my eBanking/Business eBanking logon details) to anyone, not even the police – are you changing that advice?

You should never share your personalised security credentials with anyone – not even the police. However, if you are using a TPP to access your account and you are satisfied that it is authorised and regulated by the FCA or another European Regulator then it is safe to share your personalised security credentials with that TPP. We will not treat this as a breach of the terms and conditions for your account.

What should I do if my personalised security credentials have been lost or stolen or I think that someone else might use them to gain unauthorised access to my account?

You should take all reasonable steps to keep your personalised security credentials safe. We set out in the terms and conditions for our eBanking/Business eBanking service the steps that you should take. You can also read more about online security at

If your personalised security credentials have been lost or stolen or you think that someone else who you have not authorised may know them, you should notify us, without undue delay, in one of the ways set out in Section 1 of the Terms and Conditions for your account.

What accounts will a TPP which uses the Open Banking APIs be able to access?

With your permission, TPPs will be able to access information or process payments from these accounts:

Personal Accounts in scope for Open Banking:

  • Danske Choice
  • Danske Freedom
  • Danske Discovery
  • Danske Cash Reward
  • Danske Standard
  • Current Account Personal
  • Cheque Master
  • CashMaster
  • Principal Account
  • Current Account Plus
  • Danske Choice Plus
  • Danske Prestige
  • Danske 24/7

Business Accounts in scope for Open Banking:

  • Danske Community Account
  • Current Account Business
  • Current Account Charity
  • Small Business Digital
  • Danske Small Business
  • Danske Enterprise - Weekly
  • Danske Enterprise Plus

It is likely that more accounts will be added to this list as the Open Banking APIs are further developed.

If the TPP uses screen-scraping then it can access all of your accounts which can be accessed online in the same way as you can.

Is it safe to use a TPP?

Yes, TPPs which are authorised and regulated by the FCA or another European Regulator have to comply with their obligations under the Payment Services Regulations. This means for example that they must:

  • Ensure that your personalised security credentials are not accessible to other parties;
  • Ensure that your personalised security credentials are transmitted through safe and efficient channels;
  • Ensure that they obtain your explicit consent before providing their services;
  • Not store sensitive payment data (PISPs) or request sensitive payment data (AISPs);
  • Not request more information than they require to provide you with their services;
  • Not change the payment instruction that you give;
  • Have complaint handling procedures; and
  • Comply with various other regulatory requirements.

Before using the services of a TPP you should check that it is authorised and regulated by the FCA or another European Regulator.

Do I have to allow TPP access to my account information?

No. It is entirely your choice if you wish to use the services of a TPP.

I do not want to use TPP services – how do I stop this?

If you do not wish to use the services of a TPP you do not have to do so.

By contacting us you can request that access by TPP who use Open Banking be ‘blocked’ (this can be changed at any time in the future).

TPPs who are NOT participants in Open Banking can only access your accounts if you give them explicit consent to do so. If you have given consent to a TPP that uses screen-scraping techniques and you want to stop it from accessing your account in the future then you need to tell them. You can also stop TPP access by changing your passcode. If you contact us we can arrange for a new passcode to be issued.

What is an API?

API means Application Programming Interface (API) which is a secure portal, providing a secure method for TPPs to access your accounts. The TPP will not be accessing your account using eBanking/Business eBanking when it uses the Open Banking APIs.

How do I recognise a TPP which is using the Screen Scraping technique?

If a TPP asks you to share your online banking logon details and does not direct you to the Danske Bank API webpage then it is using screen-scraping techniques.

Are TPPs regulated?

Under the Regulations all TPPs must be authorised and regulated by the Financial Conduct Authority or other European Regulators. Some TPPs which were active before 12 January 2016 do not need to apply for authorisation until mid-2019. These TPPs cannot use the Open Banking APIs but can use Screen-scraping techniques.

If a payment is made out of my account using the services of a TPP, and I have not authorised that payment, can I get this money back?

If a payment has been made out of your account which you have not authorised you are entitled to ask for a refund. It does not matter whether the payment was made directly (using eBanking/Business eBanking) or through a TPP - you have the same rights under the Regulations.

You have told me that I will not have chargeback rights or s.75 rights if I use a TPP. What does that mean?

Chargeback rights - If you use your debit or credit card to make a payment and you dispute the payment then under the card scheme rules we can attempt to charge the payment back to the merchant. We will grant you a refund. There is no guarantee that the merchant will not challenge any chargeback attempt and if he does then we may reverse the refund.

If you are making a payment using the services of a TPP then you using your card account (rather than the card) to make a credit transfer from your account to the merchant’s account. The card scheme rules do not apply.

The industry is considering whether there is scope to introduce a chargeback scheme for payments made using TPPs but at this stage no voluntary chargeback scheme has been developed. If this changes we will send you further details.

s.75 rights – If you use your credit card to make a payment you have certain rights under s.75 of the Consumer Credit Act 1974 to seek redress from us as well as the merchant in the event that there has been a breach of contract or misrepresentation by the merchant in relation to the goods or services (provided the cost of the goods or services was between £100 and £30,000). Section 75 of the Consumer Credit Act does not apply to payments made out of your credit card account when you are using the services of a TPP.

The industry is considering whether there is scope to introduce a scheme (giving consumers certain rights to seek refunds for defective goods or services) where the payment was made using a TPP but at this stage no voluntary scheme has been developed. If this changes we will send you further details

.

Contact
0345 6002 882

Chat with us

General Service Mortgages Current Accounts Personal Loans Savings eBanking Guidance Technical Support  

 

Contact us

Customer information Useful numbers Book Appointment Become a customer eBanking FAQs

Find out more

Find a branch Danske Mobile Bank App Danske Tablet Bank App