What are Third Party Providers (TPPs)?
A TPP is an independent provider of online services. There are two types of TPP:
- Account Information Service Providers (AISP)
- Payment Initiation Service Providers (PISP)
What is an AISP?
An AISP (Account Information Service Provider) is a TPP who, with your consent, provides an online service to provide consolidated information on the payment accounts that you hold with more than one payment service provider (such as your bank or building society). An AISP may use your account data to offer you additional services.
What is a PISP?
A PISP (Payment Initiation Service Provider) is a TPP who provides an online service which allows you to initiate a payment out of your account. For example, if you make a purchase online in future you could be offered an alternative way to pay for your goods. At the moment most online payments are made using a debit or credit card. In future, you may also be offered the option to pay online by bank transfer.
How would a TPP access my accounts?
A TPP cannot access your account unless you give it your explicit permission to do so. You also need to be registered for eBanking/Business eBanking to use the services of a TPP.
There are 2 techniques that TPPs can use to access account information:
Open Banking. This is based on the use of an Application Programme Interface (API) which provides a secure method for TPP access.
Screen Scraping. This is an access technique that some TPPs use today to offer services. These TPPs will ask you to share your online banking logon details, so allowing them direct access to the online banking information they require to provide a service. This TPP will have full access to all information that you can see online and as they are effectively logging on as you, Danske Bank cannot identify this activity.
How does Open Banking work?
If you chose to use the services of a TPP you will be directed to a secure Danske Bank screen where you will be able to either authorise the sharing of your account information (when using an AISP) or authorise a payment (when using a PISP). You will be asked to enter your eBanking/Business eBanking logon details – by doing this you are giving your explicit consent to either permit the TPP access to specific account data for a specific time, or to initiate a payment directly from your bank account.
The TPP is required to ensure that your log on details are not accessible to other parties and that they are transmitted through safe and efficient channels. The Open Banking APIs meet these requirements.
Only TPPs which are authorised and regulated by the FCA or another European Regulator will be able to use the Open Banking APIs.
Why are all of the TPPs not using the Open Banking APIs? Is screen-scraping secure?
There are various reasons why some TPP may not use the Open Banking APIs. For example the Open Banking APIs currently only permit certain types of account to be accessed (sterling current accounts). Over the next year the range of accounts that can be accessed using Open Banking APIs will increase.
If the TPP is using screen scraping techniques it still has to comply with its obligations under the Regulations to ensure that your personalised security credentials are not accessible to other parties. It also has to ensure that it has your explicit consent before it can access your account information. You will have the same rights under the Regulations irrespective of which technique the TPP uses. The main difference that you need to be aware of is that a TPP which uses screen-scraping will be able to see everything that you can see when you are accessing your account online and would be able to do everything that you can do when you have accessed your account online.
Before using a TPP you should check that it is authorised and regulated by the FCA or another European Regulator. You can do this by visiting the FCA Financial Services register at fca.org.uk or by checking the European Banking Authority Register at eba.europa.eu
If I have authorised someone to access my accounts using eBanking/Business eBanking will they be able to use the services of TPPs?
You cannot restrict the authority that you have granted to an authorised user of eBanking/Business eBanking where the TPP uses screen-scraping techniques.
Where the TPP uses the Open Banking APIs an authorised user will not be able to access your account using the services of a TPP unless you have specifically authorised this. If you want an authorised user to be able to use the new services then you need to contact us.
Can I see who I have given permissions to?
Within eBanking/Business eBanking a new screen will be available where you will be able to manage TPP permissions that you have already granted. This will allow you to see what permissions you have given through Open Banking and, where appropriate, you will be able to withdraw individual permissions at any time. If you decide to withdraw a permission that you have granted then it will prevent any future access to your account by that TPP (unless you grant a new permission). It will not change any permission to make a payment or give information about your account to a TPP that has already taken place. If you decide to withdraw permission for a TPP you should also contact that TPP.
You will also be able to contact us to change/update/withdraw TPP permissions.
I don’t have eBanking/Business eBanking. Can TPP access my account information or initiate payments from my account?
No. If you do not have eBanking/Business eBanking a TPP cannot request information or initiate payments from your account. If you want to use these new services more information can be found at;
You have always told me never to give my personalised security credentials (such as my eBanking/Business eBanking logon details) to anyone, not even the police – are you changing that advice?
You should never share your personalised security credentials with anyone – not even the police. However, if you are using a TPP to access your account and you are satisfied that it is authorised and regulated by the FCA or another European Regulator then it is safe to share your personalised security credentials with that TPP. We will not treat this as a breach of the terms and conditions for your account.
What should I do if my personalised security credentials have been lost or stolen or I think that someone else might use them to gain unauthorised access to my account?
You should take all reasonable steps to keep your personalised security credentials safe. We set out in the terms and conditions for our eBanking/Business eBanking service the steps that you should take. You can also read more about online security at
If your personalised security credentials have been lost or stolen or you think that someone else who you have not authorised may know them, you should notify us, without undue delay, in one of the ways set out in Section 1 of the Terms and Conditions for your account.
What accounts will a TPP which uses the Open Banking APIs be able to access?
With your permission, TPPs will be able to access information or process payments from these accounts:
Personal Accounts in scope for Open Banking:
- Danske Choice
- Danske Freedom
- Danske Discovery
- Danske Cash Reward
- Danske Standard
- Current Account Personal
- Cheque Master
- Principal Account
- Current Account Plus
- Danske Choice Plus
- Danske Prestige
- Danske 24/7
Business Accounts in scope for Open Banking:
- Danske Community Account
- Current Account Business
- Current Account Charity
- Small Business Digital
- Danske Small Business
- Danske Enterprise - Weekly
- Danske Enterprise Plus
It is likely that more accounts will be added to this list as the Open Banking APIs are further developed.
If the TPP uses screen-scraping then it can access all of your accounts which can be accessed online in the same way as you can.
Is it safe to use a TPP?
Yes, TPPs which are authorised and regulated by the FCA or another European Regulator have to comply with their obligations under the Payment Services Regulations. This means for example that they must:
- Ensure that your personalised security credentials are not accessible to other parties;
- Ensure that your personalised security credentials are transmitted through safe and efficient channels;
- Ensure that they obtain your explicit consent before providing their services;
- Not store sensitive payment data (PISPs) or request sensitive payment data (AISPs);
- Not request more information than they require to provide you with their services;
- Not change the payment instruction that you give;
- Have complaint handling procedures; and
- Comply with various other regulatory requirements.
Before using the services of a TPP you should check that it is authorised and regulated by the FCA or another European Regulator.
Do I have to allow TPP access to my account information?
No. It is entirely your choice if you wish to use the services of a TPP.
I do not want to use TPP services – how do I stop this?
If you do not wish to use the services of a TPP you do not have to do so.
By contacting us you can request that access by TPP who use Open Banking be ‘blocked’ (this can be changed at any time in the future).
TPPs who are NOT participants in Open Banking can only access your accounts if you give them explicit consent to do so. If you have given consent to a TPP that uses screen-scraping techniques and you want to stop it from accessing your account in the future then you need to tell them. You can also stop TPP access by changing your passcode. If you contact us we can arrange for a new passcode to be issued.
What is an API?
API means Application Programming Interface (API) which is a secure portal, providing a secure method for TPPs to access your accounts. The TPP will not be accessing your account using eBanking/Business eBanking when it uses the Open Banking APIs.
How do I recognise a TPP which is using the Screen Scraping technique?
If a TPP asks you to share your online banking logon details and does not direct you to the Danske Bank API webpage then it is using screen-scraping techniques.
Are TPPs regulated?
Under the Regulations all TPPs must be authorised and regulated by the Financial Conduct Authority or other European Regulators. Some TPPs which were active before 12 January 2016 do not need to apply for authorisation until mid-2019. These TPPs cannot use the Open Banking APIs but can use Screen-scraping techniques.
If a payment is made out of my account using the services of a TPP, and I have not authorised that payment, can I get this money back?
If a payment has been made out of your account which you have not authorised you are entitled to ask for a refund. It does not matter whether the payment was made directly (using eBanking/Business eBanking) or through a TPP - you have the same rights under the Regulations.
You have told me that I will not have chargeback rights or s.75 rights if I use a TPP. What does that mean?
Chargeback rights - If you use your debit or credit card to make a payment and you dispute the payment then under the card scheme rules we can attempt to charge the payment back to the merchant. We will grant you a refund. There is no guarantee that the merchant will not challenge any chargeback attempt and if he does then we may reverse the refund.
If you are making a payment using the services of a TPP then you using your card account (rather than the card) to make a credit transfer from your account to the merchant’s account. The card scheme rules do not apply.
The industry is considering whether there is scope to introduce a chargeback scheme for payments made using TPPs but at this stage no voluntary chargeback scheme has been developed. If this changes we will send you further details.
s.75 rights – If you use your credit card to make a payment you have certain rights under s.75 of the Consumer Credit Act 1974 to seek redress from us as well as the merchant in the event that there has been a breach of contract or misrepresentation by the merchant in relation to the goods or services (provided the cost of the goods or services was between £100 and £30,000). Section 75 of the Consumer Credit Act does not apply to payments made out of your credit card account when you are using the services of a TPP.
The industry is considering whether there is scope to introduce a scheme (giving consumers certain rights to seek refunds for defective goods or services) where the payment was made using a TPP but at this stage no voluntary scheme has been developed. If this changes we will send you further details