I’m being asked by a Third Party Provider (TPP) for my online banking security logon credentials, is this OK?
Third Party Providers (TPPs) that provide Account Information Services (AIS) or Payment Initiation Services (PIS) often ask you to share your bank security details with them, such as your user name and passwords. The banking terms and conditions that you agreed to with us from 13 January 2018 allow you to do this with regulated AIS or PIS providers, and we cannot hold you responsible for unauthorised transactions if you have shared your credentials with authorised AIS and PIS providers.
Under existing data protection regulations, TPPs must protect your data and PSD2 will require these businesses to put further measures in place to keep your credentials safe and secure.
You should be vigilant to fraud when using online Account Information Services (AIS) or Payment Initiation Services (PIS). If you have any doubts about whether a company is legitimate, you should ask them for more information, for example, who they are regulated by. If you don’t know who you are talking to, or there is reason to suspect that the provider is not who they claim to be, don’t disclose your banking security credentials, or other personal or financial information.