What Is Open Banking? How It Works and Is It Safe
Open banking sounds like fintech jargon. But it's the mechanism that lets you see all your money in one place — without giving your password to anyone.
Open banking is a regulated system where banks share your transaction and balance data with licensed apps — only with your explicit consent and only for read-only access. It is governed by the EU's PSD2 directive, in force since 2018, and supervised by national regulators across Europe. An estimated 64 million people in Europe already use open banking services (Juniper Research, 2024). If you have accounts at two different banks, open banking is what lets you see both on a single screen.
Key takeaways
- Open banking is regulated by the EU's PSD2 directive — the app gets read-only access. It cannot make payments or change your account
- You log in through your bank's official website. The app never sees your password
- All banks in the EU and EEA must support open banking APIs. Major banks like ING, Santander, HSBC, N26, Revolut, and Monzo are all connected
- Connecting an account takes 2-3 minutes. After that, transactions sync automatically
- PSD3 and FIDA (Financial Data Access Regulation) will expand open banking to insurance, investments, and pensions by 2028-2029
What is open banking?
Open banking is a regulated framework where banks provide licensed third-party apps with access to your account data — transaction history and balances — through secure APIs. It exists because of PSD2, the EU's Payment Services Directive 2, which came into force in January 2018 and requires every bank in the EU and EEA to offer this access.
Before open banking, the only way to connect an app to your bank account was screen scraping. You gave your full login credentials to a third-party company, which logged in as you. It had complete access to the account and could, in theory, make transfers. There was no regulation, no oversight, no limits.
Open banking replaces that model entirely. Your bank shares data through a secure API with built-in constraints. An AISP-licensed app (Account Information Service Provider) gets read-only access. It cannot see your password. It cannot initiate a transfer. It cannot change any account settings.
What is an AISP?
AISP (Account Information Service Provider) is a licensed entity authorised to access your account information — transactions and balances — in read-only mode. It cannot initiate payments. AISP licences are granted by national regulators: the FCA in the UK, BaFin in Germany, AMF in France, KNF in Poland, and others. There is also PISP (Payment Initiation Service Provider), which can initiate payments — but that requires a separate licence and your explicit authorisation for every single transaction.
Think of it this way: open banking gives an app a reading room pass to a library. It can browse — but it cannot take any books home. And the librarian (your bank) can revoke that pass at any moment.
How does open banking work in Europe?
The open banking framework in Europe rests on three pillars: the legal mandate (PSD2), technical standards (bank APIs), and the licensed providers that connect the two (TPPs — Third Party Providers).
PSD2 — the law that opened the banks
PSD2 (Payment Services Directive 2) entered into force in January 2018 across the entire EU and EEA. It mandates that every bank must provide secure APIs for licensed third-party providers to access customer data — with the customer's explicit consent. The directive also introduced Strong Customer Authentication (SCA), requiring at least two verification factors for every login.
How the connection actually works
Different countries implemented PSD2 differently. The UK mandated the nine largest banks (CMA9) to adopt a common API standard from day one. Poland created PolishAPI — a unified standard covering virtually all banks through a central hub operated by KIR (the national clearing house). Most other countries left it to individual banks, with aggregators like GoCardless, Tink (Visa), Salt Edge, and Plaid bridging the gaps.
The connection flow — step by step
1. You open the app (e.g. Martia) and select your bank.
2. The app redirects you to your bank's official login page — through a secure API.
3. You log in with your credentials. You're giving them to your bank, not the app.
4. Your bank issues a time-limited, read-only authorisation token.
5. The app receives transaction and balance data. Nothing else.
The result: an estimated 500+ licensed TPPs now operate across the EEA, with over 327 registered in the UK alone (EBA Register / FCA, 2024). Whether you bank with ING in the Netherlands, Santander in Spain, or N26 in Germany, the underlying mechanism is the same.
[Figure: Open banking across Europe. Sources: Kontomatik — Open Banking Statistics 2025, EBA TPP Register]
Which European banks support open banking?
Every bank operating in the EU and EEA is legally required by PSD2 to provide open banking APIs. This is not optional — it is a regulatory mandate. In practice, this means if you have an account at any licensed European bank, you can connect it to a budgeting app.
| Bank | Markets | Available in Martia |
|---|---|---|
| ING | NL, DE, ES, PL, BE, + others | Yes |
| Santander | ES, UK, DE, PL, PT | Yes |
| BNP Paribas | FR, BE, IT, PL, LU | Yes |
| HSBC | UK, FR, DE | Yes |
| N26 | DE, AT, FR, ES, IT, + others | Yes |
| Revolut | EU-wide, UK | Yes |
| Monzo | UK | Yes |
| Wise | EU-wide, UK | Yes |
| Deutsche Bank | DE, IT, ES, UK | Yes |
| Commerzbank | DE | Yes |
Through aggregators like GoCardless (which Martia uses), a single integration gives access to over 2,500 banks across Europe. So if you have a current account with HSBC, a savings account with N26, and a Revolut card, you can see them all in one place. That's particularly useful if you live in one country but bank in another, as we explain in our guide on syncing your bank account with an app.
Is open banking safe?
This is the question everyone asks first. And rightly so — you are granting a third-party app access to your financial data. But open banking was specifically designed to make this process safer than what came before it.
Strong Customer Authentication (SCA)
PSD2 requires Strong Customer Authentication for every connection. That means your bank verifies your identity using at least two of three factors: something you know (password, PIN), something you have (phone, hardware token), or something you are (fingerprint, facial recognition). It's the same mechanism you already use when logging into your mobile banking app.
Read-only access — no payments, no changes
A budgeting app like Martia uses an AISP licence. That means one thing: it can look, but it cannot touch. It sees your transactions and balances. It cannot initiate a payment, change a standing order, or even update your email address. It is the digital equivalent of reading your bank statement — but automatically.
Myth vs. reality
Myth: “If I connect my account to an app, someone could steal my money.”
Reality: An AISP-licensed app has no technical ability to execute transactions. The authorisation token is restricted to read-only access, and every connection is supervised by both the bank and the national regulator. It is like giving someone a view of your balance on an ATM screen — without the card or PIN.
Regulatory oversight and licensing
Every company accessing your bank data through open banking must hold a licence from a national regulator — the FCA in the UK, BaFin in Germany, ACPR in France, KNF in Poland, DNB in the Netherlands. This licence is not easy to obtain and comes with ongoing compliance requirements. There are over 500 licensed TPPs across the EEA (EBA Register, 2024), each subject to regulatory scrutiny.
You stay in control
Consent is digitally verifiable and revocable at any time. If you no longer want an app to access your data — you revoke consent and the connection is severed immediately. No phone calls, no paperwork, no waiting period.
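The checks implied by step 4 of the connection flow (a time-limited, read-only token) and by revocable consent, sketched from the bank's side as an added example; this is not Martia's, GoCardless's or any bank's code. The class, scope names, token value and 30-day lifetime are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Read-only scopes an AISP consent may carry (scope names are hypothetical).
AISP_SCOPES = frozenset({"balances:read", "transactions:read"})

@dataclass
class Consent:
    scopes: frozenset      # what the customer approved on the bank's page
    expires_at: datetime   # the token is time-limited
    revoked: bool = False  # the customer can withdraw consent at any time

class BankConsentStore:
    """Bank-side consent records, keyed by the opaque token given to the app."""

    def __init__(self):
        self._by_token = {}

    def grant(self, token, requested, now, lifetime):
        # Refuse at grant time anything beyond read-only account information.
        extra = set(requested) - AISP_SCOPES
        if extra:
            raise PermissionError(f"not grantable to an AISP: {sorted(extra)}")
        self._by_token[token] = Consent(frozenset(requested), now + lifetime)

    def revoke(self, token):
        if token in self._by_token:
            self._by_token[token].revoked = True

    def authorize(self, token, action, now):
        """Return (allowed, reason) for one API call made with this token."""
        consent = self._by_token.get(token)
        if consent is None:
            return False, "unknown token"
        if consent.revoked:
            return False, "consent revoked"
        if now >= consent.expires_at:
            return False, "consent expired"
        if action not in consent.scopes:
            return False, "action outside consented scope"
        return True, "ok"

def demo():
    """Constructed scenario: read, attempt a payment, outlive the token, revoke."""
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    bank = BankConsentStore()
    bank.grant("tok-demo", AISP_SCOPES, t0, timedelta(days=30))  # constructed lifetime
    results = [
        bank.authorize("tok-demo", "transactions:read", t0),
        bank.authorize("tok-demo", "payments:initiate", t0),
        bank.authorize("tok-demo", "balances:read", t0 + timedelta(days=31)),
    ]
    bank.revoke("tok-demo")
    results.append(bank.authorize("tok-demo", "balances:read", t0))
    return results
```

The decision is made on every call against the bank's own record, so revocation and expiry take effect without any cooperation from the app holding the token.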
Open banking vs. screen scraping
| Feature | Open Banking (PSD2) | Screen Scraping (old method) |
|---|---|---|
| Your password | Given to your bank, not the app | Given to the third party |
| Access scope | Read-only (AISP) | Full account access |
| Legal framework | PSD2, supervised by regulators | No regulation |
| Revoking access | Instant, digital | Change your password |
| Verdict | Secure, regulated | Risky, outdated |
Let's be honest: concerns about open banking security are understandable, but they're based on an outdated model. It's a bit like worrying about online banking in 2006 — back then it was new and uncertain. Today, we can't imagine life without it.
What do you gain from open banking?
Open banking itself is infrastructure — like electricity in a socket. The value appears when you plug something into it. In this case: an app that does something useful with your data.
All your accounts in one place
A current account with ING, a savings account with N26, and a Revolut card for daily spending? Instead of logging into three separate apps and manually adding up balances, you connect them all to one dashboard. Total balance and every transaction — one screen. Like having one remote for three TVs instead of three.
Automatic expense categorisation
When transactions flow in automatically, the app can categorise them automatically. Food, transport, subscriptions, entertainment — without manual entry. This is the thing that makes most people abandon budgeting after two weeks: typing in every purchase is just too tedious.
No more “I don't know where my money goes”
Probably the most common sentence in personal finance. Open banking is the answer — not because it magically finds money, but because it shows exactly where it went. Subscriptions you forgot about, small purchases that add up, recurring payments you never questioned. Once it's visible, you can do something about it.
The Martia One-Connection Method
Instead of logging into every banking app daily, connect all your accounts once — and check your finances in one place. Your full financial picture in 3 seconds instead of 3 minutes. This is not a time-saving hack — it's removing the barrier that stops most people from checking their finances at all.
Is open banking revolutionary? No. It is more like removing an obstacle. Until now, tracking your spending required either iron discipline (manual entries) or risky methods (sharing your password). Now there is a third option: secure, automatic, and regulated. We compare the manual vs. automated approach in our budget app vs. spreadsheet guide.
How to connect your bank account via open banking
Connecting your bank account through open banking is simpler than most people expect. It takes 2-3 minutes — less time than signing up for most websites.
1. Select your bank in the app. In Martia, pick your bank from the list. All major European banks are supported through GoCardless, covering over 2,500 institutions.
2. Log in on your bank's page. You are redirected to your bank's official login page. Your credentials go to your bank — Martia does not see them.
3. Approve read-only access. Your bank asks if you consent to sharing transaction and balance data. Approve it — and from that moment, everything syncs automatically.
That's it. No forms, no document scanning, no waiting for verification. The entire process happens in real time — because your bank is confirming your identity, not the app.
For a detailed walkthrough with screenshots and security FAQs, see our step-by-step guide on how to connect your bank account to a budgeting app.
Adam, founder of Martia
From the founder
I built Martia because I had 6 bank accounts and zero oversight. I would log into each one separately, manually add up balances in a spreadsheet, forget about subscriptions I was still paying for. Open banking changed that — but I had to build an app first to make use of it. Because the mechanism alone does nothing. It is what you do with it that matters.
PSD3 and the future of open banking — what changes?
Open banking is not the end of the road — it is the beginning. The EU is working on regulations that will significantly expand the scope of open financial data.
PSD3 and PSR — new rules, same direction
In November 2025, the European Parliament and Council reached a provisional political agreement on PSD3 and its companion regulation, PSR (Payment Services Regulation). The key change: the rules move from a directive (each country implements its own version) to a regulation (directly applicable across all EU member states). This means no more differences between how Germany, France, or Spain interpret the rules.
What changes in practice? Banks will have to provide APIs that match the performance of their own channels. Users will get a consent dashboard — one place to see which apps have access to their data. And victims of APP fraud (Authorised Push Payment scams) will get full refund protection. Publication in the EU Official Journal is expected in 2026, with implementation 18 months later.
FIDA — from open banking to open finance
Even more ambitious is FIDA (Financial Data Access Regulation) — a European Commission proposal under negotiation since 2025. FIDA extends the principle of open data to insurance policies, investment portfolios, pension accounts, and credit products. Imagine seeing not just your bank accounts, but also your pension fund balance, insurance policies, and investment portfolio in a single app.
Adoption of FIDA is expected in the first half of 2026, with a 30-32 month adjustment period. Realistically, full open finance in Europe is a 2028-2029 prospect. But the direction is clear — more data, more control, more transparency. All in your hands.
Frequently asked questions about open banking
What is open banking?
Open banking is a regulated system under the EU's PSD2 directive where banks share transaction and balance data with licensed apps — only with your consent and only for read-only access. The app cannot make payments or change your account. It is supervised by national regulators such as the FCA (UK), BaFin (Germany), and KNF (Poland).
Is open banking safe?
Yes. Open banking is regulated by PSD2, requires Strong Customer Authentication (two verification factors), and mandates licensing from national regulators. You log in through your bank's official page — the app never sees your password. Access is limited to reading transactions and balances. You can revoke consent at any time.
Can the app make payments from my account?
Not if it uses an AISP licence. AISP grants read-only access. To initiate payments, a company would need a separate PISP licence, and each transaction would require your explicit authorisation. Martia uses GoCardless as an AISP — read-only access only.
How do I revoke an app's access to my account?
You can revoke access at any time — directly in the app or by contacting your bank. Once consent is withdrawn, the app immediately loses access to your data. No password changes required, no phone calls, no paperwork.
What is PSD2?
PSD2 (Payment Services Directive 2) is an EU directive in force since January 2018. It requires banks to share account data with licensed third-party providers at the customer's request. It introduced Strong Customer Authentication, regulates payment service providers, and protects consumers. PSD3 and the Payment Services Regulation (PSR) are set to update and replace it around 2027-2028.
Does the app see my banking password?
No. You log in directly on your bank's official website or app. The budgeting app never sees, stores, or has access to your credentials. It only receives a time-limited token authorising read-only access to transactions and balances.
How do I connect my bank account through open banking?
It takes 2-3 minutes. Select your bank in the app (e.g. Martia), log in on your bank's official page, and approve read-only access to your transactions. From that point, data syncs automatically. See our step-by-step guide for a full walkthrough.
Sources and references
- Juniper Research, 2024, “Open Banking: Key Opportunities, Regional Analysis & Market Forecasts 2024-2028”
- Kontomatik, 2025, “Open Banking Statistics Across Europe” — kontomatik.com
- EBA (European Banking Authority), TPP Register — euclid.eba.europa.eu
- European Commission, PSD2 — Directive (EU) 2015/2366 on payment services in the internal market
- Norton Rose Fulbright, 2026, “PSD3 and PSR — from provisional agreement to 2026 readiness” — nortonrosefulbright.com
- European Commission, 2023, FIDA (Financial Data Access Regulation) proposal — financial-data-access.com
- Open Banking Implementation Entity (OBIE), adoption data — openbanking.org.uk