Find out more about AISPs and PISPs, the importance of giving your explicit consent for services, and how to protect yourself against fraud.
If you allow an online service to access your account data or make payments on your behalf, you must make sure the provider is registered or authorised by us.
An Account Information Service Provider (AISP) lets you see all your payment account information from different bank accounts in one place online or via a mobile app, and can analyse your spending.
AISPs can include budgeting apps and price comparison websites that offer budgeting help and product recommendations.
A Payment Initiation Service Provider (PISP) lets you pay companies directly from your bank account rather than using your debit or credit card through a third-party such as Visa or MasterCard.
Giving your explicit consent for services
Services offered by AISPs and PISPs may be referred to as account information services (AIS) and payment initiation services (PIS).
These services may be provided by companies you recognise, such as high street banks, or by companies other than banks.
Companies can only provide these services if you’ve given them your explicit consent. They should never assume you've given consent.
When you sign up with a company for AIS, the AISP should give you enough information so you fully understand:
- the nature of the service
- how the company will use your data
- whether the company will share your data with anyone else
Checking AISPs and PISPs are registered with us
Always check the Financial Services Register to make sure that a company providing AIS or PIS is registered or authorised. Both AISPs and PISPs must be registered or authorised with us.
You can also contact our Consumer Helpline on 0800 111 6768 to check if AISPs and PISPs are registered or authorised.
Remember, before you use one of these services make sure you are confident that:
- the company you are sharing your information with is genuine
- you understand the service
If you notice a payment out of your account that you didn’t authorise, you should contact your bank as soon as possible and claim a refund. You should contact your bank for a refund even if you think a PIS was used to make the payment.
Find out more about unauthorised payments from your account.
Making a complaint
You have the right to complain to an AISP or PISP if you have a problem with the service they are providing. They must respond to your complaint within 15 days, unless there are exceptional circumstances.
If you’re unhappy with the firm’s response, they reject your complaint, or you don’t hear from them, you can take your complaint to the Financial Ombudsman Service.
If your complaint is about something your bank has done (for example, if it refused to refund an unauthorised payment) you should contact the bank to make a complaint.
You can also complain to the Financial Ombudsman Service, if you’re unhappy with their response.
Find out more about making a complaint.
How to protect yourself
There are some important things you should be aware of when using an AISP or PISP.
- Be alert – you should be vigilant to fraud when using online payment initiation or account information services. If you don’t know who you are talking to, or you think the person is lying to you about who they are, don’t disclose your banking security details, or other personal or financial information.
- Read the details – always read the terms and conditions of a provider of financial services carefully before signing up, this includes the terms and conditions of AISPs and PISPs.
- Be data savvy – make sure you understand and agree with what access you are granting to your account, how the account information will be used and who it may be passed to.
- Check your statements – keep an eye on your bank statements and get in touch with your bank if you don’t recognise a payment.
Companies that access your data need to comply with data protection law.
Banks, building societies and other payment services providers, including AISPs, will be subject to data protection law, as well as the requirements of the Payment Services Regulations 2017 (PSRs).
If you have a concern about a breach of data protection law, you can contact the Information Commissioner’s Office.