Open Banking regulations
Open Banking is a series of reforms that means all UK-regulated banks will have to let you share your financial data such as your spending habits, regular payments and companies you use with authorised providers offering budgeting apps, or other banks, via an Application Programming Interface (API) – as long as you give your permission.
You can only safely share your financial information with people who are Financial Conduct Authority regulated. Moneyhub Financial Technology is a registered AISP (Account Information Service Provider) and PISP (Payment Initiation Service Provider), reference no. 809360.
An Application Programming Interface will appear to you as a redirect from the third-party app (like Moneyhub) to your banking app or banking website. Your bank will ask whether you want to allow the app to access your finances and show your data for the next 3 months, and once you say yes you'll be redirected back to Moneyhub.
It's a bit like when you sign in to another app via Facebook or Google: it doesn't change or allow unlimited access to your actual account, and you can stop access at any time from your banking app. You'll get prompted every 3 months to reconnect, so you can never accidentally leave the connection running.
Our data aggregation partner
Wherever possible we will always use Open Banking to allow you to see your accounts in Moneyhub. Open Banking sets standards for banking APIs. But the legislation only covers banks, and specifically only current accounts. It doesn’t cover providers like mortgage providers or even other account types at the same bank. Also, not every bank has its API ready. We know that Moneyhub is most useful when you can connect every account you want to see – that’s why we use another method to allow you to add accounts that aren’t ready for APIs.
We use an aggregation partner, Yodlee, to retrieve your bank data so that you can see all your transactions come through to the same place. We have chosen to work with Yodlee because they:
Are supervised by the US Banking Regulators (a body similar to the UK’s Financial Conduct Authority).
Provide a trusted service to more than 850 organisations throughout the world, including 11 of the 20 biggest banks in America.
Have a proven 16-year track record of keeping user information safe and secure.
We encrypt all your credentials and separate them from your personally identifiable information. To retrieve your transaction history, your details are automatically decrypted, used for the retrieval, then immediately re-encrypted. We at Moneyhub don’t store any of your login credentials, including passwords.
Moneyhub is a read-only service, so if your Moneyhub account should fall into the wrong hands (for example if your phone is stolen and hacked) no one can make any transactions from your account. In addition to this, to access your Moneyhub account you must provide a PIN code, password or Touch ID to log in each and every time.
We have certified ISO-27001 information security procedures. This is the same certification used by Google, Microsoft and Amazon. It is an internationally recognised standard that sets out the requirements for firms establishing and maintaining a robust information security management system. It also provides assurance that a firm with accreditation has implemented processes and controls that are secure and have been through rigorous audits and assessments. The certification also demonstrates that we as a company have adopted a proactive rather than reactive approach to managing our consumers' data security.
This means we adopt these processes:
A specialist Financial Service compliance team checks processes on a monthly basis.
A comprehensive risk tracker maps information asset risks back to a series of internal controls.
The principle of least privilege is applied throughout the organisation. This is the limiting of access to the minimal level that will allow normal functioning. Staff have the lowest level of user rights that they can possibly have while still being able to perform their tasks.
Our security procedures
Moneyhub Enterprise software teams undergo regular security awareness training and have a continual threat modelling system in place for the software.
Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities, and we use best practices and open standards to protect against common attack vectors. Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone.
Access to the live system is available only to a small number of people. Any access is done via secure channels.
Our security protocols and techniques
Moneyhub is a registered Payment Initiation Service Provider, reference no. 809360. This means that we are regulated by the Financial Conduct Authority and have the permission to provide account information services and payment initiation services in the UK.
This status means that banks and other financial institutions that provide payment accounts must allow their customers to access their accounts via Moneyhub.
When you connect your accounts to Moneyhub, you can rest assured that you are using a regulated service.
The Financial Conduct Authority and AISP and PISP regulation
The Financial Conduct Authority (FCA) has released some information on your rights as a consumer who shares your information with a third party application, such as Moneyhub. The following is an excerpt from this information:
"Your banking terms and conditions should not prevent you from sharing your credentials
with regulated AIS or PIS providers. Your bank cannot hold you responsible for
unauthorised transactions just because you have shared your credentials with AIS and
To see more please visit the FCA website here.
Your banking terms and conditions
Many of our users find that Moneyhub helps them spot suspicious activity and fraud through frequently checking their finances and categorising their transactions.