What are the thinkmoney Current Account fees?
Can I apply for an account if I've got bad credit?
I need to send ID to open an account. What ID can I send?
How do I upload my ID?
What if I can't or don't want to upload my ID?
What if I don't have any of the documents you accept?
4 steps to set up your account
How to get your ID upload right
How to open an account via the app
Can I pay in cash and cheques at the Post Office?
How do I pay cheques into my account?
Where can I make a cash withdrawal in pounds in the UK?
What's a Faster Payment?
Making contactless payments
How do I receive money from outside the UK?
Can I use Apple Pay?
Why is my money held when a transaction has failed?
How long will it take for a refund to go back on my card?
How do I get emergency cash?
How do I send a payment to somebody overseas?
Transport for London contactless payments
About contactless cards
What is a One-Time Passcode?
What is Mastercard® Identity Check?
I don't recognise a transaction, what should I do?
Is my money protected?
How will PSD2 affect me?
How can I tell if an email is from you?
How can I use fingerprint and facial recognition to pay online?
What is thinkmoney secure connection?
How will PSD2 affect me?
Following the introduction of the EU Payment Services Directive (PSD2) from 13 January 2018, online services that you allow to access your account data or make payments on your behalf will be regulated by the Financial Conduct Authority.
With your consent, these services can allow you to see all your bank accounts in one place in a mobile app or online. They can also be used to pay for things online, as an alternative to using your debit or credit card.
You might see these services being provided by companies you recognise, such as high street banks, or by other companies who are not banks. There are already a number of companies providing these services in the UK which will need to be regulated.
You may see these services referred to as Account Information Services (AIS) or Payment Initiation Services (PIS).
Bringing these services into regulation means businesses providing them will need to meet requirements designed to protect customers from financial and data loss.
The banking industry is currently working on how to standardise the way data is accessed by these companies, including through ‘open banking’ standards.
Who can provide these services?
From January 2018, companies that are authorised or registered by the Financial Conduct Authority, or another European regulator, can provide AIS or PIS.
The FCA and other European Regulators will add AIS and PIS providers to the registers they keep of all authorised businesses. These registers are publically available.
Before you use one of these services be alert, and make sure you are confident that any organisations you share your information with are who they say they are. You should make sure that you understand the service and that you are happy with who will be providing it to you.
Giving consent for access to account data
When you sign up with a company for account information services, the AIS provider should give you enough information to understand the nature of the service being provided and how it will use your data, including whether it will share your data with anyone else.
Sharing security details
Businesses that provide AIS and PIS often ask you to share your bank security details with them, such as your login and passwords.
Under existing data protection law, these businesses must protect your data and PSD2 will require these businesses to put further measures in place to keep your credentials safe and secure.
Your banking terms and conditions should not prevent you from sharing your credentials with regulated AIS or PIS providers. Your bank cannot hold you responsible for unauthorised transactions just because you have shared your credentials with regulated AIS and PIS providers.
If you notice a payment out of your account that you did not authorise, you should contact your bank as soon as possible. If you did not authorise it you can claim a refund. You should contact your bank to claim a refund even if you think a PIS was used to make the payment.
Making a complaint
You have the right to complain to an AIS or PIS provider if you have a problem with the service they are providing. They must respond to your complaint within 15 days unless there are exceptional circumstances.
If you are not happy with the firm’s response, they reject your complaint or you do not hear from them, you have the right to take your complaint to the Financial Ombudsman Service.
If your complaint is about something your bank has done, for example if a bank has refused to refund an unauthorised payment, you should contact the bank to make a complaint. You have the same right to take your complaint to the Financial Ombudsman Service.
How to protect yourself
We want consumers to enjoy the full benefits that these changes can bring, however there are some important things you should be aware of to ensure your online payments are secure.
You should be vigilant to fraud when using online payment initiation or account information services. If you don’t know who you are talking to, or there is reason to suspect that the provider is not who they claim to be, don’t disclose your banking security credentials, or other personal or financial information/
Read the details
Always read the terms and conditions of a provider of financial services carefully before signing up, this includes the terms and conditions of AIS and PIS providers.
Be data savvy
Make sure you understand and agree with what access you are granting to your account, how the account information will be used and who it may be passed to.
Check your statements
Keep an eye on your bank statements and get in touch with your bank if you don’t recognise a payment.
Companies that access your data need to comply with data protection law. Banks, building societies and other payment services providers, including AIS providers, will be subject to data protection law as well as the requirements of PSD2.
If you have a concern about a breach of data protection law, you can contact the Information Commissioner’s Office.