Open banking lets trusted companies 'plug in' to your current account data in a secure and standardised way, if you give them permission to do so.
If you’ve tried budgeting apps such as Emma, Plum and Snoop – which link multiple financial accounts in one dashboard – you’ve already used open banking.
Open banking technology is popping up at checkouts too, letting you pay directly from your bank account when shopping with big names such as Amazon, Booking.com, eBay, JustEat and Ryanair.
It's usually called Pay by Bank, though you may spot other names such as ‘pay with my bank account’, ‘online bank payment’ or ‘UK online bank transfer’ instead.
Here we explain the benefits of open banking, how to make the most of it, and how to keep your data safe.
Make your money work harder. Get the best deals, avoid scams, and grow your savings with expert guidance for just £24.50 for a year – that’s half the usual price.
Get 50% off Which? MoneySave 50% – was £49, now £24.50 for a year, offer ends 6 April 2026.
Since 2018 the biggest banks have been required to open up their data: Allied Irish Bank, Bank of Ireland, Barclays, Danske, HSBC (and subsidiary First Direct), Lloyds Banking Group (including Halifax and Bank of Scotland), Nationwide, NatWest Group (including RBS and Ulster Bank) and Santander.
Banks share customer data by publishing what's known as 'open APIs' or application programming interfaces.
This technology is already used by many well-known companies to provide integrated digital services.
For example, Uber overlaps with Google Maps so that customers can request a ride without having to switch to the Uber app, while travel app Citymapper connects to Transport for London data.
The aim is to encourage innovation and improve competition, by making it easier for you to manage multiple financial products and pay companies directly from your bank account.
For example, HMRC has partnered with Ecospend (owned by a regulated provider called Trustly) to let taxpayers pay their bills directly from their bank account using open banking technology and there are budgeting apps that let you bring all of your financial accounts together.
Ultimately, open banking could allow you to manage all of your financial accounts and household bills through a single digital platform, with the option of allowing apps to 'plug in' and offer more personalised and intuitive services.
An app might help you avoid charges or boost your savings by automatically moving money between various accounts. Open banking could also spur action in other markets, by encouraging you to look at your energy or phone bills.
Banks and third-party providers can only 'talk' to each other via the 'Open Banking Directory'.
This is the IT platform which makes it possible for them to exchange information securely via open APIs. To be enrolled on the directory, banks and providers must be appropriately regulated.
There is an online directory of regulated firms enrolled in open banking and you can search for financial products using the open banking system at the official Open Banking App Store. It's worth noting that banks may explicitly state in their terms and conditions that you are responsible for checking that any third-party provider you want to use is authorised, not the bank.
The Financial Services Register will also tell you if a third-party provider is registered and authorised to carry out one or both of these two activities:
Once you've given consent to a regulated third party using open banking, you'll be redirected to your online or mobile banking login page where you'll enter your security details directly – crucially, these details won't be shared with the third party when you do this.
You should always understand exactly what you are agreeing to when you share your data, so don't proceed if this isn't clear.
You should see a list of any firms you've given consent to via online or mobile banking, and you can stop sharing data at any time.
Participating banks and building societies should provide an 'authorisation dashboard' where you can see a list of providers with permission to access your account data. You can withdraw permissions whenever you wish to, at the press of a button.
Third-party providers may also offer a dashboard that lets you easily review and revoke your consent.
No, if you don't want to share your data, you don't have to. Third-party providers will need your explicit permission before they access your data through open APIs.
That means you don't have to opt-out – if you do nothing, your data will not be shared without your consent.
If you see 'Pay By Bank' at the checkout (it may be called something similar such as 'pay with my bank account' or 'online bank transfer') it means you can pay that business directly from your bank account using open banking technology, instead of a card or another payment method like PayPal.
Once you've clicked the relevant button, you select your current account provider from a dropdown menu. You'll then be redirected to your bank's app or website, where you log in as normal eg using fingerprint ID.
You will be asked to approve or decline the payment before being sent back to the retailer, where the purchase is confirmed. At the time of writing, only Metro Bank and The Co-operative Bank were unavailable when we tried to use Pay by Bank at various retailers.
Unlike a manual bank transfer, you don’t need to add any payee details as the details will be pre-populated, which reduces the chance of making a mistake.
Pay by Bank is used predominantly for one-off payments. However, the plan is to enable repeated payments for regular bills and subscriptions, as a transparent, flexible alternative to direct debits. These variable recurring payments are being tested with utility companies, financial services and government agencies first, before being rolled out more widely.
Yes, if you use open banking to make a payment to a business directly from your bank account – instead of using a debit or credit card – you lose Section 75 and chargeback.
Under Section 75 of the Consumer Credit Act, your credit card provider is jointly and severally liable for any breach of contract or misrepresentation by the retailer or trader. It covers primary card holders for credit card payments of £100 to £30,000.
Chargeback applies to credit and debit card purchases of any value, though it's not enshrined in law and each scheme (run by Visa, Mastercard and Amex) has it's own rules.
You don't have these purchase protections when using open banking because you are making a direct bank transfer, not a card payment.
You can still make a claim for repair, replacement, or refunds under the Consumer Rights Act (which states that physical or digital goods and services you buy must be fit for purpose, as described and of satisfactory quality). But, you can't enforce these rights if a retailer has stopped trading or you're dealing with a rogue business.
Open banking is broadly a safe way to share your financial data and make payments. But, regulated firms aren't immune from cyberattacks.
If you notice a payment that you didn't authorise, ask your bank to refund you, even if that payment has been initiated through a third-party provider.
Your bank must refund you immediately, unless it has grounds to suspect fraud or negligence. If the third-party was at fault, the bank can recover the funds from them.
It may be more difficult to get reimbursed by your bank if you share your data with a firm that isn't regulated, or if you fall victim to an authorised push payment (APP) scam – where fraudsters trick you into making a payment into an account under the control.
Bank transfers to UK accounts are eligible for the new mandatory reimbursement scheme for APP fraud and every fraud case should be assessed individually so take your complaint to the Financial Ombudsman Service (FOS) if your bank refuses to reimburse you.
Any regulated third-party providers you share data with is responsible for ensuring any personal data they process, store or transfer is appropriately and securely protected.
Bank account transactions can include highly sensitive personal data about spending habits, political affiliations, medical care, family and friends.
There could also be a complicated chain of providers sharing access to your data, multiple parties could be potentially liable for loss of a personal customer's data though error, attack, or fraud.
You should directly complain to the third-party provider you shared your data with in the first instance, and if they don't resolve the issue, you can lodge a complaint with the Financial Ombudsman Service (FOS).
You can also lodge a complaint with the Information Commissioners Office.
It's still too early to say whether open banking is a huge success. It's worth remembering that Midata – the government's previous attempt to encourage switching by opening up banking data – failed to have any meaningful impact.
Next steps include bringing in mortgages, savings, pensions and investments, not just banking data (referred to as 'open finance'). Ultimately, open banking could expand across sectors such as energy, retail telecoms and transport (the ‘smart data economy').
The industry will be keeping a close eye on tech giants such as Google, Facebook, Apple and Amazon, all of which have the status to transform the payments and banking industry using banking customer data. In the future, it could be that tech firms that manage every aspect of your finances, and banks could be relegated to holding your salary and nothing else.
Such a complicated chain of providers potentially sharing access to sensitive data means the data and financial regulators face a difficult task to ensure consumers and businesses are safe from scammers, mistakes and data breaches.
Which? will be watching closely to make sure they safeguard consumers in this context, and build trust in these services.