What Open Banking means for our members

Open Banking promises to change the way we all manage our money online. You might have heard of some of the things it’ll soon make possible. Or it may be completely new to you. We’ve answered some questions to help you understand Open Banking.

Open Banking is completely optional and not obligatory. If you don’t want to use it, then you can continue to use our services as you do today. There’s no need to opt out.

If you choose to use Open Banking, it only works with your explicit consent, so none of your current account information will be shared without your say-so. Take a look at our other questions for more information about giving your consent.

It all happens online, so you’ll need to be registered for our Internet Bank and have logged on at least once to use the service. You’ll initially need to give consent to the TPP in whatever way they request (this may involve ticking a box on their website for example).

You’ll be redirected from the TPP site to our secure interface where you’ll need to enter your Internet Banking login details, so we can be sure we are dealing with you. We also run our own security checks and, if the TPP is not on the Open Banking Directory, they don’t pass go and the account request will be declined.  We won’t share any information with anyone who’s not registered on the directory.

At TPP will be able to initiate a one-off immediate payment from your account, standing order and forward dated payment following your consent. In the future you may also be able to give a TPP authority to make different types of payments on your behalf.

Once you have given a TPP your consent, they can request your current account information information either as a one-off request, or the consent can be left open for up to 90 days for the information to be refreshed.  After the 90 day period is up, they will need to ask for your consent again.

A third party provider is authorised by the FCA (or an FCA-equivalent regulator from another EU country) to access information and/or give instructions to make payments from an account operated by a Bank or Building Society, but only if the account holder as given them authorisation to do so.

We want to make sharing account information and making a payment via Open Banking as secure as possible, so we’ve put five safeguards in place for our members:

  1. All Third Party Providers (TPPs) have to be approved by the Financial Conduct Authority (or an FCA-equivalent regulator from another EU country) before they can register to appear on the Open Banking Directory.
  2. No TPPs can access your account information or make a payment without your consent. 
  3. When the TPP asks you to give them access to your current account information, you’ll be redirected to our secure interface. We run our own security checks and, if the TPP is not on the Open Banking Directory, they don’t pass go.
  4. For each request, you’ll need to log in on our secure interface using your card reader or pass number and memorable information - in the same way as you do now on our Internet Bank. 
  5. The API (Application Programming Interface) technology that lets us share your current account information with Third Party Providers is secure.

Third Party Providers (TPPs) have to be authorised by the Financial Conduct Authority (or an FCA-equivalent regulator from another EU country) and registered on the Open Banking Directory. We won’t share information through Open Banking with any TPP that isn’t authorised or registered. You can find out if a TPP is authorised on the FCA website.

  • Information about your current account product. For example, if there’s a monthly fee. 
  • Details of Direct Debits or standing orders – who you pay that way and how much.
  • Your account balance and day-to-day transactions.
  • The interest you’re earning or paying, as well as any charges.

It’s entirely up to you whether you share your information in this way – you don’t have to. As your building society, we remain as committed as ever to keeping your information and money safe.

You can stop sharing your data through our Internet Bank and Banking App.

You can also stop sharing your data through most TPPs by logging in to their service and following their process to revoke your authorisation. This will stop your data being shared. To update your Nationwide account you will need to log in to the Banking App or the Internet Bank.

You can do this at any time within 90 days of sharing your data, after which the sharing will automatically be stopped unless you choose to extend it, which you can do through your chosen TPP.

With Open Banking, there's no need for you to share your account login details, PIN or passwords with anyone at any time. It will provide the same level of security that we apply to our Internet Bank and Mobile Banking App. However, some organisations who you may want to give access to may not use Open Banking but, instead, may ask you to share your internet bank log in details with them.

In both instances you should be alert - you should be vigilant to fraud when using online payment initiation or account information services. If you don’t know who you are talking to, or there is reason to suspect that the provider is not who they claim to be, don’t disclose your banking security credentials, or other personal or financial information.

  • Read the details - always read the terms and conditions of a provider of financial services carefully before signing up, this includes the terms and conditions of TPPs.
  • Be data savvy - make sure you understand and agree with what access you are granting to your account, how the account information will be used and who it may be passed to.

Want to know more about Open Banking?