PSD2 - Secure Open Banking
What is PSD2?
Payment Services Directive 2 (“PSD2”) is a revised European directive allowing you to access your account information and initiate payments through regulated third-party providers in a safe and secure manner. This means that you can permit regulated Third Party Providers access to your account, through a dedicated interface, so that they can:
- Account Information Service (AIS) - Pull together data from different bank accounts you may have, and then aggregate and manage their details in the same place. The data includes a list of all your accounts; account details; balances and transactions, and it can only be pulled after you provide consent.
- Payment Initiation Service (PIS) - Initiate payments from your account on your behalf, enabling you to securely pay at the checkout of any website or top-up another account. The payments can only be initiated with your confirmation.
How does it work?
If you begin using a third-party payment service like an Account Information Service or a Payment Initiation Service, you’ll be redirected to an N26 log in page to provide access, and then asked to provide consent or confirmation of a payment in your N26 app.
Why can't I link any Third Party Provider to my account? In order for you to be able to link a Third Party Provider to your account, the Third Party Provider will need to integrate with our dedicated interface. It is ultimately up to the Third Party Provider to determine which banks to integrate with.
Once I grant a third party provider access to my account, how long do they have access for? Once you give your consent for a Third Party Provider to access your account information, the Third Party Provider has access to this information for a maximum of 180 days before they have to re-request your consent.
Regarding the initiation payments, you will be required to give access for each individual payment.
How can I revoke an individual access permission I have granted to a Third Party Provider? You need to contact the respective Third Party Provider and revoke the access permission directly with them.
*applies to all countries in the EEA.