Open Banking and third party services

Open Banking can let you see all of your accounts, wherever you bank, together in one place.

Open Banking allows you to securely share information with third party providers, who can then provide you with a range of services, like making payments and giving you budgeting tools to help you manage your money.

How Open Banking can help you:

  1. Account information sharing: by sharing your information securely with a third party provider you could do things like connect your accounts and view all of your balances and transactions in a single place. Plus, you could use product comparison sites to check if there’s a more suitable account for your lifestyle.
  2. Making payments: you'll be able to send money directly from your M&S Bank account through third party providers in just a few steps.
  3. Confirmation of funds: make payments using a card issued by a third party provider and allow them to check if you have enough funds in your payment accounts to cover those payments.

Sharing your account information securely

Third party providers will require your consent to access your M&S Bank payment accounts; it's important you understand the services they are providing and how they will use your information.

There are two ways that a third party provider could have access to your account information:

  1. Application Programming Interface (API) based access: the third party provider will ask you for your consent and you will be securely redirected to M&S Bank's online authentication process. This will be similar to the way you sign in to our Internet Banking service. If you're using our Mobile Banking app, you'll simply be able to use face recognition or Touch ID to authenticate it, where available.

    If you have any problems authenticating, make sure you follow the step-by-step on-screen instructions on how to generate the security code.

    Once authenticated, you can select the accounts you want to share. The third party provider will ask you for your consent for them to access your account information either as a one-off, or for a period of time.

    Depending on the duration of the consent you provide, you may be required to refresh their access every 90 days through our online authentication process.

  2. Screen scraping access: Before a third party provider can access your account, they will need to identify themselves to us. Third party providers may then access your accounts by signing in using your Internet Banking security credentials. They'll need to request this information from you each time they need to access your information. The third party provider will be able to access information in a similar way to when you use Internet Banking. This is commonly known as screen scraping.

    Third party providers are only legally permitted to access screens and information for accounts that you have given consent to. This includes the account summary, payee information and balance data. All third parties that access your information must comply with data protection laws and must be registered or authorised with the Financial Conduct Authority (FCA).

    If you're concerned about the data you've shared and feel it may have been used incorrectly, get in touch with the organisation or the third party provider as soon as possible.

Making payments with Open Banking

API-based payments

You'll be asked for your consent by the third party provider before being redirected to M&S Bank for authentication, much like account information sharing.

Third party providers can ask you for the sort code and account number of where the payment will come from, or you can select those details after the authentication process and confirm the payment to be made.

When the process is complete we'll send the requested information to the third party provider, or make the payment.

Screen scraping payments

Third party providers will ask you to input your Internet Banking security credentials into their website or application. Using this information, they'll be able to initiate payments in a similar way to how you would if you were signed in to Internet Banking directly.

How card based payment instructions work

A new payment method known as 'card-based payment instrument issuer' has been introduced, which allows a third party provider to issue you with a card that you can link to your payment account(s).

You can make payments with that card and the third party provider will ask us for confirmation that you have the funds in your account.

We'll only respond with a 'yes' or 'no' answer. If the third party provider wants to access the funds in your account(s), they'll need to make separate arrangements with you.

If you experience a problem with your third party provider issued card, get in touch directly with the organisation or third party provider who issued the card.

Need more information?

You can also refer to the Open Banking website for more information.

If you have a technical problem with making payments, or if you believe a third party has accessed information through screen scraping which they shouldn't have, let us know by calling 0345 900 0900. Lines are currently open 8am - 8pm due to Covid-19 and we'll do everything we can to sort it out straight away. This line will be open 24/7 once normal business resumes.

If you are not happy with any of our services, please visit our complaints and feedback page.


How is Open Banking secure?

Third party providers accessing your payment accounts must comply with data protection laws and must be registered with or authorised by the Financial Conduct Authority (FCA) or another EU member state's National Competent Authority. The FCA is the UK's National Competent Authority.

To be confident that a third party provider is legitimate, or to find out more information, contact them directly or visit their website. You can also see if a firm is authorised to provide Open Banking services by checking the FCA register.

You should only input your sign-in credentials with third party providers that are registered with their respective National Competent Authority, as third party providers across Europe can also offer this.

What type of payments can I make with Open Banking?

For payments within the UK, you can make an immediate payment, set up a future dated payment or set up a standing order.

What information is shared with third party providers?

If a company asks you to share information, they have to be clear what they are going to do with it, and how long they will keep it for.

Here are some examples of what data may be shared:

  • Account name, number and sort code, card number (credit card only), account balance, currency or any other name by which you refer to your accounts
  • Details of your Direct Debits; standing orders; recurring, future-dated payments; and details of payee agreements that you may have set up
  • Details of your incoming and outgoing transactions
  • Details of information contained in your statement
  • The types of products you have, including benefits, offers, rewards, fees, charges and interest
  • Name(s) of all account holders

How can I stop sharing my information with third party providers?

You can choose to stop sharing your information at any time, and when you do, it is with immediate effect.

You can go back to the third party provider, who you agreed could access your information, and ask them to stop accessing your account(s). This will usually be via their app or website.

If the access has been set up via an Open Banking API, you can sign in to your Internet Banking to see all of the consents you have given to third parties on the Access Management Dashboard or view them on the Open Banking Dashboard in the M&S Banking App. From here, you can cancel your access to stop sharing your information.

We'll notify the third party providers that their access has been cancelled and this may affect the services they provide you.

Am I automatically opted in to Open Banking?

You are not opted in automatically. To take advantage of services by third parties, you will need to provide consent to a regulated third party provider.

But, if you don't provide your consent to the third party provider, or don't authenticate with us, your information won't be shared.

If you'd like to use a third party provider with an M&S account, you'll need to be registered for Internet Banking.

What should I do if I have a problem with a product I bought through Open Banking?

If you have an issue with a product you bought, if it hasn't arrived or you received the wrong item, please contact the retailer directly.

Other acronyms

Financial Conduct Authority

The FCA is the independent body that regulates the UK's financial services industry.

Competition & Markets Authority

The CMA is the UK statutory authority responsible for strengthening business competition.

Payment Services Regulations 2017

Payment Services Regulations 2017 is the piece of UK legislation that helps enable Open Banking.