You might have already heard of the EU Payment Services Directive – or as it’s more commonly known, PSD2. It came into effect in January 2018 and has been improving consumer rights and enhancing online security ever since. However, there’s one particular law you probably aren’t aware of at all – and it’s due to take effect in just a few weeks’ time. It’ll affect any third party services you have linked to your Starling account.
Up until now, customers (of all banks, not just Starling), who want to benefit from third party services such as our Marketplace partner Flux’s digital receipt solution, have consented to sharing their data with these providers via a tick box (or something similar). You approved once and were good to go. That’s the bit that’s changing. PSD2 now requires all banks to double-check that customers are still happy to share their data up to once every 90 days. This is PSD2’s way of improving protection for consumers.
What does all of this mean for you?
Well, if you want to keep your third party services going, you’ve got to actively let your bank know within this 90-day timeframe – otherwise they’ll expire. This includes our Marketplace partners: FreeAgent, CreditLadder, Direct Line and so on.
Every bank will approach this differently, but you’ll be pleased to know that at Starling, our engineers have worked hard to make the re-consenting process as painless as possible. A week before the 90-day timeframe is due to expire, we’ll send you a push notification with a deep link, taking you straight to the section of the app where you can review all your data sharing commitments with third parties, the ’Connected Services’ screen. If you miss this the first time we issue it, we will issue it again after 3 days. Alternatively, you can go directly to the Marketplace section within your Starling app, and from there click on the ’Connected Services’ tab. From the Connected Services screen all you need to do is click ’Confirm’ and this will re-authorise data sharing for the third party services you use. This will include any services you might have set up via the Starling Marketplace as well as any external integrations (for example, with the likes of Emma, Yolt and MoneyBox).
Let’s use Flux, the digital receipt solution, as an example (fun fact: they were Starling’s very first Marketplace partner). If you’ve connected your Starling account to Flux, this means you’ve agreed to let Flux have access to your transaction data. So whenever you shop with one of their partner retailers, such as itsu, you can have a digital receipt of your purchases sent back to Starling, which are then viewable in your transaction feed. If you had this integration before 14th September, you will be prompted to confirm you want to continue using the service in early December. Alternatively, if you only linked your account with Flux recently, we’ll send you a prompt to renew your consent 83 days after you first launched the integration. You need to re-confirm you’re happy to share your data with Flux before the 90 day deadline to continue using their service. To renew, simply click on the deeplink in the notification from us, or go directly to the ’Connected Services’ tab in the Starling Marketplace and click ’Confirm’ to renew data sharing. If for some reason you’re unable to confirm within 90 days, you’ll need to re-add Flux in the Marketplace the same way you did when you first linked the service to your account. Don’t forget, though – you’re always free to revoke your consent to data sharing with third parties at any time, irrespective of this new 90 day timeframe.
Consent is obviously important, but so is a seamless user experience – and we think we’ve found the sweet spot right in the middle.