Warning: Scammers may contact you by phone or email and claim to be from De Nederlandsche Bank. Do not respond! We will never contact you by phone or email. And we will never ask you to provide personal details or transfer money. Read more

A quarter of Dutch consumers shared payment data in exchange for services

Read aloud

Published: 19 November 2020

A quarter of the Dutch consumers authorised the use of their payment data during the past 12 months in exchange for the provision of new services based on these data, according to a survey conducted by De Nederlandsche Bank (DNB). Consumers predominantly authorised their own banks; other companies were only occasionally given permission. This outcome is in line with the high public confidence in banks. Payment data are perceived as highly privacy-sensitive, also compared to other types of data.

The revised Payment Services Directive (PSD2), implemented in 2019, aims to increase innovation, competition and security in the European payment market by encouraging both current and new service providers to develop and offer new types of services. A case in point is account information services. Payment service providers use the information they derive from the transaction data of a person’s payment account to offer such account information services. Think, for example, of an overview of income and expenses, which gives account holders a better understanding of their financial situation. Account holders must give a service provider their explicit consent to access payment data. 

Little is known about the extent to which Dutch consumers share their payment data with third parties. The information is difficult to obtain, because also non-bank service providers in the Netherlands and abroad can provide these services. In August 2020 we therefore carried out a survey among members of the CentERpanel to collect more information about payment data sharing. 

A quarter of respondents agree to use of their payment data

In the first year in which PSD2 was in force, a quarter of the Dutch respondents authorised the use of their payment data in exchange for new services. Young people are more inclined to give consent than older people. Consumers said they predominantly authorised the banks with which they have their main payment account (Figure 1). But a small part of them also granted access to other parties. For example, only 2% of respondents allowed large technology firms – such as Apple, Facebook and Google – access to their payment data. Banks therefore appear to have a strong competitive position in this new market. 

Figure 1. Consumers predominantly authorise own bank to use payment data
Share of respondents giving consent for payment data use in the first PSD2 year

Consumers predominantly authorise own bank to use payment data

Source: CentERpanel 2020. Note: Respondents indicated for each service provider whether they gave consent. 2,593 respondents. *Only answered by 1,209 respondents with accounts at multiple banks. 

An important reason for the strong competitive position of banks in offering services based on the use of payment data is that consumers have more confidence in their own bank than in other parties. Confidence in the bank of customers’ main payment account is highest: on average 3.4 on a scale ranging from 1 “very little confidence” to 5 “very much confidence”. Big techs have not yet succeeded in gaining the confidence of consumers. They score an average of 1.9. 

Explanation: payment data are very privacy-sensitive

Respondents were asked to indicate how privacy-sensitive certain data are on a scale of 1 (not privacy-sensitive) to 7 (very privacy-sensitive). Dutch consumers find payment data about purchases, payments and withdrawals very privacy-sensitive, also compared to other types of data such as internet search behaviour and location data of their smartphones (see Figure 2). Payment data, in terms of privacy sensitivity, score just a little below data on wealth and debt, and health data. Personal identification data are perceived as the most privacy-sensitive information. The privacy sensitivity of payment data explains why consumers are reluctant to allow companies they do not trust much to use these data. 

Figure 2 Payment data are perceived as very privacy-sensitive
Response shares

Payment data are perceived as very privacy-sensitive

Source: CentERpanel 2020. Note: 2,559 respondents. The average privacy sensitivity is in brackets behind the type of data. 

Limited growth expected among new entrants

The willingness of consumers to give new entrants to the payment market access to their payment data in exchange for PSD2 services in the coming year is likely to remain limited. Respondents were asked about the likelihood that they would give permission to various types of payment service providers to use their payment data in 2021. The average likelihood is highest for banks with which respondents have their main payment accounts (26%), followed by other banks they are already customers of (11%), and lowest for webshops, big tech firms, banks they are not customers of and lenders (in all cases: 2%). 53% of respondents indicated a probability of 0% for all providers. These respondents definitely do not want to give permission to any party. 

These results indicate only a limited growth potential in the use of PSD2 services offered by non-bank payment service providers in the second year of PSD2 in the Netherlands. They also indicate that the competitive position of banks is expected to remain strong. It is striking, however, that a large proportion of Dutch consumers have not yet been offered new services; not by their banks, nor by other parties. Consumers’ attitude may still change in case this happens. Further growth in payment data services could also be stimulated by giving consumers more control over the use of their own data and providing them with better insight. This may solve part of the confidence issue and will allow them to reap more benefits from such data use. In addition, safe handling of the data remains important, as much value is attached to the privacy of payment data.