Open Banking regulations
Open Banking is a series of reforms that require all UK-regulated banks to let their customers share their financial data (such as spending habits, regular payments and the companies they use) with authorised providers offering budgeting apps, or with other banks, via an Application Programming Interface (API), as long as the customer gives permission.
Customers can only safely share their financial information with providers regulated by the Financial Conduct Authority. Moneyhub Financial Technology is a registered AISP (Account Information Service Provider) and PISP (Payment Initiation Service Provider), reference no. 809360.
To the customer, the API connection appears as a redirect from the third-party app (such as Moneyhub) to their banking app or banking site. The bank asks whether they want to allow the app to access their finances and display their data for the next 3 months; once they say yes, they are redirected back to Moneyhub.
It's a bit like signing in to another app via Facebook or Google: it does not change the actual account or give unlimited access to it, and the customer can stop access at any time from their banking app. They are prompted every 3 months to reconnect, so a connection can never be accidentally left running.
We encrypt all banking credentials entered into the app and store them separately from a customer's personally identifiable information. To retrieve transaction history, these details are automatically decrypted, used to fetch the transactions, then immediately re-encrypted. We at Moneyhub don’t store any login credentials, including passwords.
Moneyhub is a read-only service, so if a Moneyhub account should fall into the wrong hands (for example if a customer's phone is stolen and hacked), no one can make any transactions from their bank account. In addition, a PIN code, password or Touch ID must be provided to log in to a Moneyhub account each and every time.
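As an added example (not Moneyhub's own code), a small Python model of the consent rules described above: a read-only connection granted for 3 months (taken here as 90 days), revocable by the customer at any time, with a guard that refuses any data request once consent has lapsed and refuses any scope that is not read-only. The scope names, the 90-day figure and the sample timeline are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Set

# The page says a consent lasts 3 months before the customer is prompted to
# reconnect; 90 days is an assumption for "3 months".
CONSENT_LIFETIME = timedelta(days=90)
# Hypothetical scope names; real Open Banking APIs use their own permission strings.
READ_SCOPES = {"accounts:read", "transactions:read"}

class ConsentError(PermissionError):
    pass

@dataclass
class Consent:
    granted_at: datetime
    scopes: Set[str] = field(default_factory=lambda: set(READ_SCOPES))
    revoked: bool = False  # customer can revoke from their banking app at any time

    def is_active(self, now: datetime) -> bool:
        return not self.revoked and now < self.granted_at + CONSENT_LIFETIME

    def needs_reconnect(self, now: datetime) -> bool:
        # True when the app must send the customer back to the bank to re-consent.
        return not self.is_active(now)

def authorise_request(consent: Consent, scope: str, now: datetime) -> bool:
    """Guard in front of every call to the bank's API: refuses once consent is
    revoked or expired, refuses any scope that is not read-only (an aggregator
    must never hold payment scopes), and refuses scopes the customer did not grant."""
    if not consent.is_active(now):
        raise ConsentError("consent expired or revoked; re-authorisation required")
    if scope not in READ_SCOPES:
        raise ConsentError(f"scope {scope!r} is not a read-only scope")
    if scope not in consent.scopes:
        raise ConsentError(f"scope {scope!r} was not granted by the customer")
    return True

def decide(days_since_grant: int, scope: str, revoked: bool = False) -> str:
    """Constructed timeline: consent granted on a fixed date, request made
    days_since_grant days later. Returns 'allowed' or the refusal reason."""
    granted = datetime(2024, 1, 1, tzinfo=timezone.utc)
    consent = Consent(granted_at=granted, revoked=revoked)
    try:
        authorise_request(consent, scope, granted + timedelta(days=days_since_grant))
        return "allowed"
    except ConsentError as exc:
        return str(exc)
```

decide(10, "transactions:read") returns "allowed", while decide(91, "transactions:read") and any request after revocation return the re-authorisation message, which is the point at which the app would redirect the customer back to their bank.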
Our data aggregation partner
Wherever possible we will always use Open Banking to allow access to accounts in Moneyhub. Open Banking sets standards for banking APIs. But the legislation only covers banks, and specifically only current accounts. It doesn’t cover providers such as mortgage lenders, or even other account types at the same bank. Also, not every bank has its API ready. We know that Moneyhub is most useful when it can connect every account possible, which is why we use another method to add accounts that aren’t yet available via an API.
We use an aggregation partner, Yodlee, to retrieve bank data so that all transactions come through to the same place. We have chosen to work with Yodlee because they:
Are supervised by the US Banking Regulators (a body similar to the UK’s Financial Conduct Authority).
Provide a trusted service to more than 850 organisations throughout the world, including 11 of the 20 biggest banks in America.
Have a proven 16-year track record of keeping user information safe and secure.
Our security procedures
We have certified ISO 27001 information security procedures. This is the same certification held by Google, Microsoft and Amazon. It is an internationally recognised standard that sets out the requirements for firms establishing and maintaining a robust information security management system. It also provides assurance that an accredited firm has implemented secure processes and controls that have been through rigorous audits and assessments. The certification also demonstrates that we as a company have adopted a proactive rather than reactive approach to managing our consumers' data security.
This means we adopt these processes:
A specialist financial services compliance team checks processes on a monthly basis.
A comprehensive risk tracker maps information asset risks back to a series of internal controls.
The principle of least privilege is applied throughout the organisation: access is limited to the minimal level that still allows normal functioning, so staff have the lowest level of user rights they can possibly have while still being able to perform their tasks.
Moneyhub Enterprise software teams undergo regular security awareness training and have a continual threat modelling system in place for the software.
Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities, and we use best practices and open standards to protect against common attack vectors. Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone.
Access to the live system is available only to a small number of people. Any access is done via secure channels.
Our security protocols and techniques
Moneyhub is a registered Payment Initiation Service Provider. This means that we are regulated by the Financial Conduct Authority and have permission to provide account information services and payment initiation services in the UK.
This status means that banks and other financial institutions that provide payment accounts must allow their users to access their accounts via Moneyhub.
The Financial Conduct Authority & AISP and PISP regulated
The Financial Conduct Authority (FCA) has released some information on the rights of consumers who share their information with a third-party application such as Moneyhub. The following is an excerpt from this information:
"Your banking terms and conditions should not prevent you from sharing your credentials
with regulated AIS or PIS providers. Your bank cannot hold you responsible for
unauthorised transactions just because you have shared your credentials with AIS and
To see more please visit the FCA website here.
Moneyhub Financial Technology is a registered AISP (Account Information Service Provider) and PISP (Payment Initiation Service Provider), reference no. 809360.
Banking terms and conditions
How we help our customers with their security
Many of our users find that Moneyhub helps them spot suspicious activity and fraud through frequently checking their finances and categorising their transactions.