Account information services

You can allow an account information service provider to create an overview of your bank accounts with one or more banks, and of your payments. This can be helpful for planning your budget. It can also be useful if you need financial advice or wish to purchase a financial product. Account information services involve the use of information about your bank accounts.

Meest gestelde vragen:

What do account information services involve?

Account information services involve creating an overview of your bank accounts with one or more banks, and of your payments. To provide this service, an account information service provider needs access to your bank accounts. You can give your consent for this, but you are not obliged to do so.

What do I need an overview of my payments for?

You can use an overview of your payments in a digital budget planner. This lists your payments by category (such as food, clothing, transport, subscriptions and insurance). This may help you to gain insight into your spending and possibly also to economise. An overview can also be helpful if you need advice on a financial product.

A financial advisor may ask you for such an overview. If you wish to use the services of an account information service provider for this purpose, you can read the information on this website to see what this means. Be aware of what you are doing.

How can I obtain an overview of my payments?

To obtain an overview of your payments, you need to give consent to the account information service provider to access your bank accounts. You need to give your consent for each separate account – whether these accounts are held with the same or with different banks.

If the account information service provider also provides (financial) advice, it must also ask your separate consent for this. It may need a licence issued by the AFM in order to provide advisory services.

I've been asked to give consent for access to my account information. What does this consent involve?

With your consent, an account information service provider can access your bank accounts and obtain information on your receipts, payments and account balances. With your consent and if you explicitly request it, the payment service provider can request this information electronically from your bank

If you have provided this consent earlier, the payment service provider may request this information from your bank for up to a maximum of 90 days.

How do I give consent for access to my account information?

The procedure for giving consent is similar to logging into your bank account. The account information service provider can follow the same verification procedure as your bank. This always involves the following two steps:

1. Your bank or account information service provider first verifies that you are the account holder. They do so by asking for a combination of at least two of the following elements:

  • something you have (e.g. a debit card, security calculator or a mobile phone),
  • something only you know (access code), and
  • a physical characteristic (e.g. fingerprint, iris scan).Please note that if you continue to use the account information service, this identity verification procedure will happen again 90 days after the first time you gave your consent.

2. Subsequently, the account information service provider will ask your explicit consent to use your account information. This request for consent must meet the requirements laid down in the European General Data Protection Regulation. The details have been worked out by the Dutch Data Protection Authority.

How long does my consent for access to my account information remain valid?

Your consent is valid for a maximum of 90 days. Ninety days after the last request for account information and verification of your identity, you must give your consent again.

Can I withdraw my consent for access to my account information?

Yes, you can withdraw your consent for access to your account information. This is not regulated under PSD2, however, your account information service provider should facilitate this, and should clearly inform you of the procedure and of the consequences of withdrawing your consent. The General Data Protection Regulation provides for this.

How do I know if I can trust the company that asks for my consent to access my account information?

PSD2 contains several safeguards regarding the reliability of an account information service provider. Supervision is one of them. If you have any doubts about the reliability of the account information service provider, ask for more information. You can ask, for example, if the service provider is a supervised institution, and who the supervisory authority is. If you still have doubts, or if you suspect that the service provider is not who they say they are, then don't use their services.



What about my privacy in the payment system?

To safeguard your privacy, your payment data must be properly protected. This is why payment data and payment data processing are extensively regulated: the European General Data Protection Regulation applies to your bank as well as to the account information service provider. PSD2 also contains additional requirements for the account information service provider. The most important of these is that your consent is required for access to your bank accounts. If you don't give your consent, your account data will remain with your bank and will not be shared with the account information service provider. In the Netherlands, the Dutch Data Protection Authority and DNB are responsible for supervising your bank's and the account information service provider's compliance with European regulations (such as the General Data Protection Regulation and PSD2).

What about the privacy of those who receive my payment?

With your consent, an account information service provider can access your bank accounts. The service provider can also see payments to and from others. If the beneficiary is a company, this is not a problem. However, if it is a natural person, the account information service provider must respect their privacy. That is why the processing of your payment data is extensively regulated. The European General Data Protection Regulation applies to your bank as well as to the account information service provider. In the Netherlands, the Dutch Data Protection Authority and DNB are responsible for supervising your bank's and the account information service provider's compliance with European regulations (such as the General Data Protection Regulation and PSD2).

Can I check whether a third party is misusing my data?

Your account information service provider is obliged to inform you in advance about what it intends to do with your data, and it must do so in clear and simple language. Supervisory authorities such as the Dutch Data Protection Authority and DNB can check how the account information service provider is using your data. If you have any doubts about whether a third party is misusing your data, you can contact one of these supervisory authorities.