Open Banking

Home
Digital banking
Open Banking

Open Banking allows you to securely share information with third party providers (TPPs), who can then provide you with a range of services, like giving you budgeting tools to help you manage your money.

Account information sharing

By sharing your information securely with a TPP you could do things like connect your accounts and view all of your balances and transactions in a single place. Plus, you could use product comparison sites to check if there’s a more suitable account for your lifestyle.

Sharing your account information securely

TPPs will require your consent to access your M&S Credit Card account details; it's important you understand the services they are providing and how they will use your information.

There are two ways that a TPP could have access to your account information.

1. Application Programming Interface (API) based access: the TPP will ask you for your consent and you will be securely redirected to M&S Bank's online authentication process. This will be similar to the way you sign in to our Internet Banking service. If you're using our Mobile Banking app, you'll simply be able to use your fingerprint or face to authenticate, where available. If you have any problems authenticating, make sure you follow the process with step-by-step on-screen instructions on how to generate the security code.

Once authenticated, you can select the account you want to share. The TPP will ask for your consent for them to access your account information either as a one-off, or for a period of time. Depending on the duration of the consent you provide, they will ask for your consent every 90 days to carry on accessing your data.

2. Screen scraping access: Before a TPP can access your account, they will need to identify themselves to us. TPPs may then access your accounts by signing in using your Internet Banking security credentials. They'll need to request this information from you each time they need to access your information. The TPP will be able to access information in a similar way to when you use Internet Banking. This is commonly known as screen scraping. TPPs are only legally permitted to access screens and information for account that you have given consent to. This includes the account summary, and balance data. All TPPs that access your information must comply with data protection laws and must be registered or authorised with the Financial Conduct Authority (FCA).

If you're concerned about the data you've shared and feel it may have been used incorrectly, get in touch with us or the TPP as soon as possible. You can also cancel any consents within ‘Open Banking connections’ on digital banking.

Frequently asked questions

TPPs who can access your M&S Credit Card information through Open Banking must comply with data protection laws and must be registered with or authorised by the Financial Conduct Authority or another EU member state's National Competent Authority. The FCA is the UK's National Competent Authority.

You should only input your sign in security details with TPPs that are registered with their respective National Competent Authority, as TPPs across Europe can also offer this service.

You can check that a TPP is legitimate, or find out more information, by contacting them directly or visiting their website. You can also see if a firm is authorised to provide Open Banking services by checking the FCA.

If a company asks you to share information, they have to be clear what they are going to do with it, and how long they will keep it for.

Here are some examples of what data may be shared:

Account name, card account number, account balance and currency
Details of your incoming and outgoing transactions
Details of information contained in your statement
The types of products you have, including benefits, offers, rewards, fees, charges and interest
Name of card account holder

You can choose to stop sharing your information at any time, and when you do, it is with immediate effect.

You can go back to the TPP, who you agreed could access your information, and ask them to stop accessing your account(s). This will usually be via their app or website.

You can also sign in to Internet Banking or the M&S Banking App and select 'Open Banking Connections'. From here you can see all of the TPPs that you have given access to and cancel that access at any time.

We'll notify the TPPs that their access has been cancelled and this may affect the services they provide you.

Any access you’ve given to a TPP where you have given your Internet Banking security details must be cancelled directly with them.

You are not opted in automatically. To take advantage of Open Banking, you will need to provide consent to a regulated TPP. If you'd like to use a TPP to view your M&S Credit Card details, you'll need to be registered for Internet Banking

If you have a problem with something you bought, e.g. if it hasn't arrived or you received the wrong item, please contact the retailer directly.

Account information sharing

Sharing your account information securely

Frequently asked questions

How is Open Banking secure?

What information is shared with TPPs?

How can I stop sharing my information with TPPs?

Am I automatically opted in to Open Banking?

What should I do if I have a problem with a product I bought through Open Banking?

Digital banking