# What is Open Banking and is it safe?

Open Banking explained — what read-only consent means, how FCA regulation protects your data, what information a lender receives, and how to disconnect at any time.

**Site:** [creditcorp.co.uk/learn/what-is-open-banking-and-is-it-safe/](https://creditcorp.co.uk/learn/what-is-open-banking-and-is-it-safe/)

Creditcorp is the growing name for the Credicorp group. Credicorp Limited is the lender behind it — short-term working capital for incorporated UK businesses. No personal guarantee on any product. This page is a guide; applications go to [credicorp.co.uk](https://credicorp.co.uk/).

## Contents

- How Open Banking works
- The security protections in detail
- How to revoke an Open Banking consent
- Five steps to use Open Banking safely
- Open Banking questions
- Ready to apply?

## Step-by-step guide

**Step 1: Verify the provider is FCA-registered**

Before granting any Open Banking consent, confirm that the provider is registered with the FCA as an Account Information Service Provider. The FCA publishes a public register at the FCA website — search the provider's company name or firm reference number. Any legitimate Open Banking provider will be on this register. If they are not, do not proceed.

**Step 2: Understand what you are consenting to**

When the bank's consent screen appears, read the scope carefully. It will state the provider name, the data it is requesting (typically transactions and balances), and the duration of the consent. Check that the duration matches what the provider told you — most lenders request a short window (30 to 90 days) for affordability assessment, not an indefinite or rolling consent.

**Step 3: Complete authentication through your bank, not the lender**

Open Banking authentication always happens through your bank's own interface — either your banking app or the bank's web portal. The lender does not see your login credentials at any point. If a lender asks for your online banking username and password directly (instead of redirecting to your bank), stop immediately — that is not Open Banking, it is unsafe.

**Step 4: Note where to manage the consent**

Once granted, find where your bank lets you view and revoke active Open Banking consents. This is usually in your banking app under "Settings", "Connected apps" or "Data sharing". Knowing this location before you grant consent means you can revoke it easily if needed.

**Step 5: Revoke access once the assessment is complete**

Once the lender has completed its assessment, you can revoke the Open Banking consent. Log into your banking app, navigate to the connected apps or data sharing section, and disconnect the lender. This is optional — the data already accessed is held under the lender's data protection obligations — but revoking prevents any further data access.

## Frequently asked questions

**What is Open Banking?**

Open Banking is a regulated system that allows a company to securely share read-only access to its bank transaction data with a provider it explicitly chooses. It was mandated in the UK under PSD2 (the Payment Services Directive 2) and is overseen by the FCA (Financial Conduct Authority). Every provider that accesses bank data via Open Banking must be registered with the FCA as an Account Information Service Provider (AISP). Open Banking does not give the provider access to move money — it is read-only.

**Is Open Banking safe?**

Yes. Open Banking is a regulated framework with strong protections. The connection uses OAuth2 — an industry-standard secure authorisation method, the same approach used to log in with Google. The bank itself controls the authentication. The provider never sees your banking username or password. Access is read-only: no provider can initiate payments or move money via an Open Banking consent. Data is encrypted in transit. Consents are time-limited and revocable at any time.

**What data does the lender actually receive?**

The lender receives a read-only view of transaction data — typically 12 months of bank transactions, account balances, and income and outgoing patterns. It cannot see the company's login credentials, future pending payments (beyond those visible in the account), or accounts not covered by the consent. The data received is the same data the company can see in its own online banking — no more, no less.

**Can the lender move money or set up payments via Open Banking?**

No. An Account Information Service Provider (AISP) consent is strictly read-only. Moving money requires a separate regulatory permission — a Payment Initiation Service Provider (PISP) consent, which is a completely separate and distinct authorisation. A lender using Open Banking for affordability assessment is operating under AISP permissions. It cannot initiate any payment or transfer via the same consent.

**How do I disconnect Open Banking access?**

You can revoke Open Banking consent at any time, in two ways. First, directly through your bank — every UK bank with Open Banking must provide a consent management interface (usually in the online banking portal under "connected apps" or "data sharing") where you can revoke any active consent. Second, through the provider themselves — a request to the lender to revoke the consent must be honoured. Revocation is immediate: from the moment consent is revoked, the provider can no longer access transaction data.

## About Creditcorp / Credicorp

Credicorp Limited is a UK short-term business lender. Products: Business Bridging Loan (14–84 days, 0.25%/day), Credicorp Flex (revolving credit, 0.25%/day on drawn balance), Credicorp Slice (invoice-backed, flat fee). Incorporated UK companies and LLPs only. No personal guarantee. No debenture. Same-day decisions. Total charges capped at 100% of principal.

- [Apply or get a quote](https://credicorp.co.uk/)
- [Products overview](https://credicorp.co.uk/products/)
- [Eligibility](https://credicorp.co.uk/eligibility/)
- [All learn guides](https://creditcorp.co.uk/learn/)