PSD2 and Open Banking
Major changes impacting the financial services sector came into effect in January 2018. The changes relate to new EU legislation on payment services – PSD2 - and the introduction of Open Banking in the UK. They are designed to benefit you, the customer.
So what are these changes and what do they mean for you? We’ve included some FAQs below to help explain.
About PSD2 and Open Banking
What is PSD2?
The Payment Services Directive (PSD2) is a major piece of EU legislation that requires all payment account providers across the EU to make significant changes.
PSD2 is being implemented in the UK through the Payment Services Regulations, which govern the provision of payment services and are designed to increase competition.
It is a significant evolution of existing regulation for the payments industry and brings many advantages for customers, such as more and better services, greater protection against fraud and enhanced consumer rights.
PSD2 provides the legal framework for Open Banking.
You can find more information about what the changes mean for you in the booklet we sent you last November (see question below on changes to your terms and conditions).
What is Open Banking?
It’s a new, secure way for financial services organisations to share information with third parties who wish to create new products and services offering customers faster payment methods and innovative new banking products.
Banks and building societies are now required to make certain information accessible to other approved companies in a standardised, straightforward and secure way, and only ever with your explicit consent.
You can find more information about Open Banking at: www.openbanking.org.uk
Why is Open Banking being introduced?
An investigation by the Competition and Markets Authority (CMA) into the supply of personal current accounts and of banking services to small and medium businesses concluded that action needed to be taken to improve competition in banking and financial services. Open Banking was one of the changes that the CMA believed could improve competition and choice for customers.
How will Open Banking benefit me?
Open Banking has been designed to give consumers and small businesses real control over how they move, manage and make more of their money.
You will no longer be solely reliant on your bank or building society for the things you can do with your accounts. This could make managing your money simpler, applying for new products quicker or comparing different products easier.
What has changed for me on 13 January 2018?
The terms and conditions for your account changed on this date. We have detailed what this means for you in the booklet we sent you.
In time, you may start to notice banks or other third party providers offer new services and innovative apps that make use of the newly standardised and accessible information. It is entirely your choice if you wish to use such services - you’re in control of who you share your information with.
Changes to your terms and conditions
We sent you a booklet in November 2017 containing detailed information on changes to your terms and conditions in response to PSD2 and Open Banking. The new terms and conditions are effective from 13 January 2018.
This is an important mailing and it is therefore important that you read it in full.
If you are registered for eBanking or Business eBanking you will have received this booklet electronically. Please check your secure mail or eArchive if you have not seen it.
You can also download copies of this booklet below.
You should also have received a Consent for Electronic Statements form (personal customers) or My Choices form (business customers). If you need another copy, please call or visit your nearest branch.
As the booklets contained a lot of information, we have included some commonly asked questions below.
I already receive my current account statements electronically. Do I still need to complete the consent form?
Yes. We want you to continue to enjoy the benefits of having your statements available to you online, but under the new regulations we need confirmation that you want this arrangement to continue.
You can do this in one of the following ways:
- Sign and return the ‘Consent for Electronic Statements’ form that we have sent you
- Send us a message securely via eBanking or our mobile or tablet app
- Call into your nearest branch to complete the form
- Call your branch on 0345 6002 882 (this telephone call will be recorded)
- If you are a Sole Trader, you can call Business Direct on 03452 66 88 99 and give your consent verbally (this call will be recorded)
- For all other types of business accounts, you must sign and complete the My Choices form in accordance with the mandate held for your account
If we do not receive this consent, we will have to start sending your statements on paper. In order to give you time to return the form we will not change your current arrangements until July 2018.
I only ever receive paper statements – do I need to do anything?
No. If you’re happy to continue receiving paper statements, you don’t need to do anything.
If you would like to receive statements electronically, simply call or visit your branch and ask for this service.
Using a Third Party Provider
What is a Third Party Provider?
A Third Party Provider (often referred to as a TPP) is a company that will be able to access and share information securely using technology called Application Programming Interfaces (APIs). They can only do this with your permission.
There are two types of TPPs:
- Aggregators – companies that allow you to see a consolidated view of the payment accounts that you hold with different payment service providers (such as banks or building societies). You may see these companies referred to as Account Information Service Providers (AISPs).
- Payment initiators – companies that can initiate online payments from your accounts on your behalf. You may see these companies referred to as Payment Initiation Service Providers (PISPs).
Which Danske Bank accounts will a TPP be able to access?
With your permission, TPPs using Open Banking will be able to access information or process payments from these accounts:
- Danske Choice
- Danske Freedom
- Danske Discovery
- Danske Cash Reward
- Danske Standard
- Current Account Personal
- Cheque Master
- Principal Account
- Current Account Plus
- Danske Choice Plus
- Danske Prestige
- Danske 24/7
- Danske Community Account
- Current Account Business
- Current Account Charity
- Small Business Digital
- Danske Small Business
- Danske Enterprise - Weekly
- Danske Enterprise Plus
Is it safe to use a TPP?
Yes, companies that are authorised and regulated by the FCA or another European Regulator have to comply with their obligations under the Payment Services Regulations. This means for example that they must:
- Ensure that your personalised security credentials are not accessible to other parties
- Ensure that your personalised security credentials are transmitted through safe and efficient channels
- Ensure that they obtain your explicit consent before providing their services
- Not store sensitive payment data (PISPs) or request sensitive payment data (AISPs)
- Not request more information than they require to provide you with their services
- Not change the payment instruction that you give
- Have complaint handling procedures
- Comply with various other regulatory requirements
Before using the services of a TPP, you should check that it is authorised and regulated by the FCA or another European Regulator.
I don’t have eBanking or Business eBanking. How do I use the services of a TPP?
You will need to register for eBanking or Business eBanking as TPPs cannot request information or initiate payments from your account. To do this you can contact us on 0345 6002 882.
Will my authorised users on eBanking or Business eBanking be able to use the services of TPPs?
Only if the TPP uses Open Banking to access your account information and you have given us your consent by contacting us, or if you’re a business customer, by completing the My Choices form we sent you.
There are two techniques that TPPs can use to access your account information:
- Through Open Banking, which is based on the use of an Application Programme Interface (API) that provides a secure method for third party access
- Through a technique known as ‘screen-scraping’ where the TPP will ask you to share your online banking logon details, allowing them direct access to the online banking information they require to provide a service. This will give them full access to all information that you can see online. As they are effectively logging on as you, we cannot identify this activity
Authorised users or persons you have authorised to use eBanking or Business eBanking will automatically be able to access the services of TPPs who use screen-scraping. If you wish to stop this access you need to review the mandate permissions that you have granted these users. You can do this by contacting us on 0345 6002 882.
Why are all of the TPPs not using Open Banking?
There are various reasons why some TPPs may not use Open Banking. For example, the types of account that can be accessed through Open Banking are currently limited to current accounts.
Companies using screen-scraping techniques still have to comply with their obligations under the Regulations to ensure that your personalised security credentials are not accessible to other parties. They still need your explicit consent to access your account information.
The main difference you need to be aware of is that a company that uses screen-scraping will be able to see everything that you can see when you are accessing your account online and would be able to do everything that you can do when you have accessed your account online.
Remember you can check whether a service you are thinking of using is safe by asking the provider for more details and confirming that they are approved by the Financial Conduct Authority or another EU regulator.
You will have the same rights under the Regulations irrespective of which technique the TPP uses.
How will I know if a TPP uses Screen Scraping techniques?
If they ask you for your eBanking or Business eBanking login details, it is using screen-scraping techniques to access your account information.
Can I see who I have given permissions to?
Yes, you can do this any time through eBanking and Business eBanking where you’ll be able to see and manage TPP permissions that you have given. You will only be able to see and manage any TPP permissions you have given through Open Banking, you will not be able to see any screen-scraping permissions you have given.
You can withdraw individual permissions at any time.
You can also contact us directly to change, update or withdraw TPP permissions.
If you decide to withdraw a permission then it will prevent any future access to your account by that TPP (unless you grant a new permission). It will not change any permission to make a payment or give information about your account to a TPP that has already taken place.
If you decide to withdraw permission for a TPP you should also contact that TPP.
If I use a TPP to buy goods or services will I have the same consumer protection as when I pay by card?
No. If you are making a payment using the services of a TPP then you use the acount to which your card is linked, rather than the card itself, to make a credit transfer from your account to the merchant's account. The card scheme rules therefore do not apply.
I am a Business Customer, how do I permit Authorised Users with a Separate Mandate to access my accounts using the services of Third Party Providers (TPPs) via the Open Banking APIs?
If you want to permit Authorised Users with a Separate Mandate to access your accounts using the services of TPPs through the Open Banking APIs, you can contact us by phoning 0345 8509 515 between Monday to Friday 8am-8pm/Saturday and Sunday 9am-4:30pm, by secure mail on Business eBanking, or using the form at the link below.
Please note that any Authorised User can access your accounts using a Third Party Provider which uses screen-scraping techniques – without the need for your consent. You should review the mandates that you have provided to Authorised Users and contact us if you want to change the authority that you have granted.
If you are an Unincorporated Club or Society, you must complete this consent using the My Choices form, which can be accessed through the link below, and must be accompanied by a signed resolution.
My Choices form
This form must be returned to:
Business Customer Support,
If you require assistance in completing the form, please contact your Business Manager, Account Manager or Branch Manager.
Protecting yourself against fraud
What can I do to protect myself against Fraud?
Regulatory changes mean that you may increasingly be offered new financial services to give you more choice and control over your finances and to help you more easily compare deals between providers. To use these services you will be asked to give consent to your bank or another provider to access your financial data or to make payments on your behalf.
- One way you will be able to provide your consent is by logging into your online banking account. Your financial information can then be shared with other providers via secure channels
- Some services may involve you sharing your online banking login details and giving your consent to the provider whose services you’ve chosen to use
- You should make sure you are confident the organisation you share your information with are who they say they are
- A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details unless it is to use a service that you have signed up to, and you’re sure that the request for your information is directly related
- If you share account data with a company or service, it’s their responsibility to protect it. You should make sure you understand how a company or service plans to use your data
- If you don’t know who you are talking to, or there is reason to suspect that the provider is not who they claim to be, don’t disclose your banking security details, or other personal or financial information
Fraudsters will often try to impersonate somebody we trust so it’s important to understand the difference between a legitimate request to share your account information for a service you’ve chosen to use and an unexpected request.
For more information on how to protect yourself against Fraud visit:
Take Five WebsiteFinancial Conduct Authority website
So is it now safe to give my personalised security credentials to a third party?
A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. You should only give our personal or financial details to use a service that you’re expecting to contact you, that you’ve given your consent to and that you trust.
You can check whether a service you’re thinking of using is safe by asking the provider for more details and confirming that they are approved by the Financial Conduct Authority or another EU regulator.
If you don’t know who you are talking to, or there is reason to suspect that the provider is not who they claim to be, don’t disclose your banking security details, or other personal financial information.
What should I do if my details have been lost or stolen?
If your personalised security credentials have been lost or stolen or you think that someone else who you have not authorised may know them, you should contact us immediately by calling:
- 24/7 eBanking Fraud Helpline - 0800 917 7657
- 24/7 Business eBanking Fraud Helpline - 0800 917 7918
If I receive a payment by mistake, can I stop Danske sharing my name and address with the payer’s bank?
If you have received a payment by mistake, or if you have received a payment that you do not recognise, you should let us know as soon as possible. You should not spend the money if you are in any doubt as to whether it belongs to you.
We will make enquiries on your behalf. If the payer’s bank tells us that the payer made a mistake, we will take the money out of your account and return it to the payer. We don’t need your permission to do this but we will keep you informed before we return the money.
If you have spent the money or if you object to the money being returned to the payer, under the new regulations we have to provide all relevant information, including your name and address details, to the payer’s bank so that the payer can take legal action to claim repayment of the funds. If you object to this information being provided you will have to seek your own legal advice as to how you should proceed.
If you did not find the information you were looking for, please contact your branch or relationship manager or one of the ways set out in the Contact Us section of this website.