You are in

Third party providers

Following a number of changes to the law and regulation you can now give certain permitted companies (third party providers or TPPs) access to some of your accounts, so they can provide you with services such as:

  • Account aggregation: so you can see your accounts with different providers all in one place in a mobile app or online.

    Banks, building societies and price comparison websites will be some of the companies providing this type of service.
  • Payment initiation: so online payments can be made on your behalf, as an alternative to using your debit or credit card.

    Some online retailers will be providing this service.

TPPs can only access your information and provide these type of services if you’re registered for Online Banking and give your consent (if you share your Online Banking details the TPP will be able to see information about your other accounts accessible in your Online Banking).

Before you give consent for any third party provider (TPP) to access your accounts, it’s important that you understand the services they’re providing and how they’ll use your information, including if they’ll be sharing it with anyone. You should also take reasonable steps to ensure that the company is legitimate.

To obtain your consent to access your accounts, TPPs can:

  • Redirect you to Santander, where we’ll take you through a detailed online authorisation process. If you are familiar with the way to log into our Online Banking, then this process will be very similar.
    A One Time Passcode (OTP) will be required to complete the consent process. This will be sent to the OTP mobile number registered with us. Remember you should never share any OTP with anyone, not even Santander staff. Learn more about OTPs
     
  • Some TPPs may not be able to access your accounts this way, so they may ask you to share your Online Banking login details with them. Please note, that even if you share your Online Banking log in details with these particular TPPs, you should never share any OTP with anyone, not even Santander staff. 

Before sharing your details with a TPP you should take reasonable steps to check the TPP is legitimate. In all cases, be vigilant and check the transactions on your account regularly. Once the TPP has your consent and has obtained access to your information, we can’t control how it will be used. See the ‘Be safe’ tab for more information.

Remember you can withdraw and manage your consents at any time in Online Banking. Simply log on, choose ‘Account Services’ then click on ‘Third party providers’ from the menu. If you’ve provided any of your log on details to a TPP see the ‘Be safe’ tab for information about withdrawing your consent.

You can also call us on 0800 9123 123. Our lines are open 7am to 9pm Monday to Saturday and 9am to 9pm on Sunday. If you’re a business customer, you can call us on 0800 731 6666, 8am to 9pm Monday to Friday and 8am to 2pm on Saturday.

Take a look at our Frequently Asked Questions for more information.

Know your rights

  • Third party providers (TPPs) can only provide these services if you agree and they can only access the accounts you have given your consent for.
     
  • TPPs have to provide key information about their services. This should include what data they will have access to and how they will use it or share it. They will also have to tell you what to do if you’re not happy with the service.
     
  • You can withdraw and manage your consents at any time in Online Banking. Simply log on, choose ‘Account Services’ then click on ‘Third party providers’ from the menu. For more information about withdrawing your consent, take a look at our Frequently Asked Questions
     
  • If you’ve provided any of your log on details to a TPP you’ll need to tell them to stop using them to access your information. You may want to order new details to be confident that they can’t be used by anyone you don’t want to access your information.
     
  • We may refuse to give access to a TPP, for example, if we believe there is a risk of fraud.

 

Take responsibility

  • Take reasonable steps to check a TPP is legitimate. Ask them for more details, for example who they are regulated by. UK based TPPs must be registered with the Financial Conduct Authority (FCA), with the exception of those who started operating before 12 January 2016. You can check the FCA register at: register.fca.org.uk/ 
     
  • Be alert. You should be vigilant to fraud when using these services. If there is a reason to suspect that the TPP is not who they claim to be, don’t disclose any information.

    A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details unless it is to use a service that you have signed up to, and you’re sure that the request for your information is directly related.
  • Understand what you are agreeing to, by making sure you read the terms and conditions of the TPP carefully.
     
  • Regularly check your accounts and if you notice any activity you don’t recognise, talk to us. To help you stay up to date with your accounts you can set up alerts. If you’re a business customer you can also use the alerts service
     
  • If you notice a transaction that you didn’t authorise you should let us know immediately by calling us on 0800 9 123 123 from 7am to 9pm Monday to Saturday and 9am to 9pm on Sunday. Or if you’re a business customer, 0800 731 6666, 8am to 9pm Monday to Friday and 8am to 2pm on Saturday.
     
  • For more information about your responsibilities and keeping your account safe take a look at your product terms which you can find on your product page, or find out more in our security centre

 

Understand the consequences

  • Once the TPP has your consent and has obtained your information, they’ll be responsible for the security of that data. We can’t control how it will be used.
     
  • Once you have authorised a TPP to make a payment, you may not be able to stop it

 

Keep safe from fraud

  • Never share a Santander One Time Passcode (OTP) with anyone, not even with a Santander employee.
     
  • Never download software or let anyone log on to your computer or devices remotely during or after a cold call.
     
  • Never enter your Online Banking details after clicking on a link in an email or text message.

For more information on how to protect yourself from fraud and scams visit our online Security Centre

Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales. www.santander.co.uk. Telephone 0800 389 7000. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register. Santander and the flame logo are registered trademarks.