Open Banking allows you to securely share information with third party providers (TPPs), who can then provide you with a range of services, like making payments and giving you budgeting tools to help you manage your money.
Account information sharing
By sharing your information securely with a TPP you could do things like connect your accounts and view all of your balances and transactions in a single place. Plus, you could use product comparison sites to check if there’s a more suitable account for your lifestyle.
Sharing your account information securely
TPPs will require your consent to access your M&S Bank payment accounts; it's important you
understand the services they are providing and how they will use your information.
There are two ways that a TPP could have access to your account information
Application Programming Interface (API) based access: the TPP will ask
you for your consent and you will be securely redirected to M&S Bank's online authentication
process. This will be similar to the way you sign in to our Internet Banking service. If you're using
our Mobile Banking app, you'll simply be able to use face recognition or Touch ID to authenticate it,
If you have any problems authenticating, make sure you follow the process with step-by-step on-screen
instructions on how to generate the security code.
Once authenticated, you can select the accounts you want to share. The TPP will ask you
for your consent for them to access your account information either as a one-off, or for a period of time.
Depending on the duration of the consent you provide, you may be required to refresh their access every 90
days through our online authentication process.
Screen scraping access: Before a TPP can access your account, they will
need to identify themselves to us. TPPs may then access your accounts by signing in using
your Internet Banking security credentials. They'll need to request this information from you each
time they need to access your information. The TPP will be able to access information in a
similar way to when you use Internet Banking. This is commonly known as screen scraping.
TPPs are only legally permitted to access screens and information for accounts that you
have given consent to. This includes the account summary, payee information and balance data. All TPPs that access your information must comply with data protection laws and must be registered or
authorised with the Financial Conduct Authority (FCA).
If you're concerned about the data you've shared and feel it may have been used incorrectly, get in
touch with the organisation or the TPP as soon as possible.
Making payments with Open Banking
Open Banking Access
You'll be asked for your consent by the TPP before being
redirected to M&S Bank for authentication, much like account information sharing.
TPPs can ask you for the sort code and account number of where the payment will come from,
or you can select those details after the authentication process and confirm the payment to be made.
When the process is complete we'll send the requested information to the TPP, or
make the payment.
Via Internet Banking
TPPs will ask you to input your Internet Banking security credentials into their website
or app. Using this information they'll be able to initiate payments in a similar way, as if
you were signed in to Internet Banking directly.
How card based payment instructions work
A payment method known as 'card-based payment instrument issuer' has been introduced, which
allows a TPP to issue you with a card that you can link to your payment account(s).
You can make payments with that card and the TPP will ask us for confirmation that you
have the funds in your account.
We'll only respond with a 'yes' or 'no' answer. If the TPP
wants to access the funds in your account(s), they'll need to make separate arrangements with
If you experience a problem with your TPP issued card, get in touch directly with the
organisation or TPP who issued the card.
Need more information?
Visit the Open Banking website for more information.
If you have a technical problem with making payments, or if you believe a third party has accessed
information through screen scraping which they shouldn't have, let us know by calling 0345 900 0900.
Lines are currently open 8am - 8pm due to Covid-19 and we'll do everything we can to sort it out straightaway. This line will be open 24/7 once normal business resumes.
If you are not happy with any of our services, please visit our complaints and feedback