Third Party Providers (TPP) can apparently access my financial information. How is this possible?

Under PSD2 regulations, TPPs are only able to access your account if you’ve given them your explicit consent. There are three main types of TPPs:

  • Account Information Service Providers (AISP) 
    These are organisations that provide account services to customers. They let you see your payment accounts online or via a mobile app. This includes your credit cards and bank accounts, but they can only do this with your consent.

  • Card Based Payment Instrument Issuers (CBPII) 
    These organisations issue card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider (such as Barclaycard). CBPIIs may opt to carry out a Confirmation of Funds (CoF) check on your account before executing a transaction, but only if you’ve given explicit consent to the CBPII to perform this check. This check will inform the CBPII whether you have enough funds available on your account to execute a transaction.

  • Payment Initiation Service Providers (PISP)
    These are organisations that allow customers to initiate payments directly from their bank account to other bank accounts rather than using a debit or credit card through a third-party, such as Visa or MasterCard.