Open Banking data sharing

Open Banking is a new service that lets account holders share their financial information and give permission for banks and other organisations to make payments from certain accounts.

Open Banking was introduced by the UK's Competition and Markets Authority (CMA) to bring more competition and innovation to the financial services industry. It works using a secure system that lets you register with other banks or authorised organisations, known as third party providers (TPPs) and tells your bank to let them use your current account details.

It's your choice if you want to share your data. Open Banking gives the opportunity to share your information, but only if you give your permission.

The Payment Service Directive (PSD) is European law, which is translated into UK law as the Payment Services Regulation. This law tells banks and other providers how they should process payments and other services linked to providing payment services. The PSD was updated, and one of the changes introduced similar services to those in the UK's Open Banking rules.

The PSD changes mean that TPPs can see information about accounts and make payments on your behalf, with your permission. This applies to any payment account you can use online. Some TPPs ask for your Internet Banking details so that they can see and use your account details, because they can't use the methods introduced for Open Banking for some accounts. The services offered by TPPs and the way they access information is changing. Open Banking is now available for all our customers.

After changes to the law and regulation, you can now give permitted companies TPPs access to some of your accounts, so they can give services such as:

Account aggregation: see your accounts with different providers all in one place in a mobile app or online. Banks, building societies and price comparison websites are some of the companies that offer this service.
Payment initiation: online payments can be made on your behalf, as an alternative to using your debit or credit card. Some online retailers provide this service.
Confirmation of funds: the ability for a TPP to be able to confirm if you have available funds before you use their card for a purchase.

TPPs can only access your information and provide these types of services if you're registered for Internet Banking and give your consent. If you share your Internet Banking details the TPP will be able to see information about other accounts you can see in Internet Banking.

Before you give consent for any third party provider (TPP) to access your accounts, it's important that you understand the services they're providing and how they'll use your information, including if they'll be sharing it with anyone. You should also take reasonable steps to ensure that the company is legitimate. See the 'Be safe' section for more information.

To get your consent to access your accounts, TPPs can:

Redirect you to Cater Allen, where we'll take you through an online authorisation process. The process is similar to how to log on to our Internet Banking service. You'll need a One Time Passcode (OTP) to complete the consent process. This will be sent to the mobile number registered with us. Remember you should never share an OTP with anyone, not even a member of Cater Allen staff.

Before sharing your details with a TPP you should take reasonable steps to check the TPP is legitimate. Always be vigilant and check the transactions on your account regularly. Once the TPP has got your consent and has access to your information, we can't control how they'll use it. See the 'Be safe' tab below for more information.

Remember, you can withdraw and manage your account information consents at any time.

Here's how:

Log on to internet banking
Choose 'My Account - Account Services'
Click on 'Open banking connections - Accounts to view or withdraw consents'.

For payment initiation services, how you give your consent depends on the kind of payment you're making:

Single immediate payments: you'll have to give your consent every time a TPP initiates a payment on your behalf. The payments will normally come out of your account straightaway, although they can take longer. Once you've authorised a payment, we won't be able to stop it. The payments initiated by these companies are Faster Payments, these are taken directly from your account using your account details and not your card
Standing orders: you'll need to give your consent during the setup of the standing order. Once the consent is given, your scheduled payment or payments will work as normal
Future-dated payments: you'll need to give your consent every time you wish to set up a future-dated payment. Once the consent is given, your scheduled payment will work as normal.

Know your rights

Third party providers (TPPs) can only provide these services if you agree and they can only access the accounts you have given your consent for.
TPPs have to provide key information about their services. This should include what data they will have access to and how they will use it or share it. They will also have to tell you what to do if you're not happy with the service.
You can withdraw and manage your consents at any time.
If you've provided any of your log on details to a TPP you'll need to tell them to stop using them to access your information. You may want to order new details to be confident that they can't be used by anyone you don't want to access your information.
We may refuse to give access to a TPP, for example, if we believe there is a risk of fraud.

Take responsibility

Take reasonable steps to check a TPP is legitimate. Ask them for more details, for example who they are regulated by. UK based TPPs must be registered with the Financial Conduct Authority (FCA), with the exception of those who started operating before 12 January 2016. This is however a transitional provision, from the 14 September 2019 all UK based TPPs must be registered with the Financial Conduct Authority (FCA). You can check the FCA register at: fca.org.uk.
Be alert. You should be vigilant to fraud when using these services. If there is a reason to suspect that the TPP is not who they claim to be, don't disclose any information. A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don't give out personal or financial details unless it is to use a service that you have signed up to, and you're sure that the request for your information is directly related.
Understand what you are agreeing to, by making sure you read the terms and conditions of the TPP carefully.
Regularly check your accounts and if you notice any activity you don't recognise, talk to us. Call +44 (0)1142282407
If you notice a transaction that you didn’t authorise or think you have been a victim of fraud you should let us know immediately by calling us on 0800 092 3300 (international number +44 (0)1142282407).
For more information about your responsibilities and keeping your account safe take a look at the Terms and Conditions of your account, which you can find on the product page, or find out more on our keeping yourself secure page.

Understand the consequences

Once the TPP has your consent and has obtained your information, they'll be responsible for the security of that data. We can't control how it will be used.
Once you have authorised a TPP to make a payment, you may not be able to stop it.

Keep safe from fraud

Never share a Cater Allen One Time Passcode (OTP) with anyone, not even with a member of Cater Allen staff.
Never download software or let anyone log on to your computer or devices remotely during or after a cold call.
Never enter your Internet Banking details after clicking on a link in an email or text message.
For more information on how to protect yourself see our keeping yourself secure page.

Your rights when making payments in Europe

Find out about your rights when you make payments in Europe.

For more information you may want to visit:

The Open Banking and the Financial Conduct Authority websites.

If you're a TPP providing account information or payment initiation services and want to read more about how to use/access our APIs, you can find the technical specifications on our developer portal.

Cater Allen Open Banking APIs are live. You can find some additional information in the Open Banking update for Third Parties (pdf) document.

Contact your TPP first, who can investigate this for you. If this doesn't solve your problem, please contact us.

Please be aware

We'll never call you and ask you to move your money to keep it safe.

Criminals will use numbers on our website to try and convince you they're genuine. If the caller has told you to check our website to prove they're legitimate, end the call, it's a scam.

If this happens to you, hang up, wait 5 minutes to be sure the line is clear. You should then call us on 159 to securely connect to your bank, or on 0800 092 3300.

Learn more at our Fraud and Security Centre

Open Banking data sharing

Third party providers' services

Giving your consent

Be safe

Know your rights

Take responsibility

Understand the consequences

Keep safe from fraud

Your rights when making payments in Europe

Find out more

Information for TPPs

Trouble connecting with your 3rd Party Provider

Please be aware