The new Payment Services Directive or PSD2 is a European regulation that aims to increase the security of online transactions to create more competition, allow the introduction of new non-bank providers of payment services and to foster innovation in the world of payments. Through PSD2, other businesses can gain access to your payment details. Banks are required to provide access but only if you want them to and have given express consent for it. Otherwise they can't.

What will I notice about this change?

To begin with, not very much. But there will eventually be new types of digital services and new payment methods in (online) shops, from start-ups but also from other companies (Providers of payment services). And from us, of course, because we are also busy developing new services for you. So that you can organise your finances more easily.

What is ING allowed to share of my account details?

After your permission, we will share your transaction details and your balance. Transaction details include: Your account number Your name Name of the beneficiary The beneficiary's account number Notification or payment reference Amount and date of the transaction Before you give permission to a payment services provider, check properly that you really know the provider and whether it is logical for them to request this permission. For example, because you want to use one of the company's services for which they need these details.

What about my privacy?

Protecting your data is our priority and we will only share payment details with other providers of account aggregation and payment initiation services if you want us to, and only after you have given your consent to the provider beforehand. You will be able to revoke the consent at any time from the provider of payment services. And if you do give permission, we will first check that the provider is registered with the National Bank of Belgium and not just once, but every time that company tries to obtain access to get information. We also check that the validity period for your permission to that provider has not yet expired. We share your payment data based on strong customer authentication, as is already the case, for example, when you make payments via our channels. Companies may only use your data for the purpose for which you have given your consent. First of all check the terms and conditions and the privacy statement of the providers you want to share your data with. So you know how they are going to handle your data.

What should I be aware of?

The PSD2 provides new services that can make organising your finances easier. Nevertheless, giving access to your current account is something you need to be careful about. Before you give permission to a payment service provider, check properly that you really know the provider concerned and whether it is logical for them to request this permission. For example, because you want to use one of the provider's services for which they need the details. When asked to make a payment, check that the amount and the description are correct. Also, check the terms and conditions and the privacy statement of the company you want to share your data with beforehand. So you know how they are going to handle your data. In addition, the new PSD2 regulation could lead criminals to send phishing e-mails . So stay alert.

What are the benefits for me?

The PSD2 allows other businesses (payment service providers) to access to your payment details. Banks are required to provide access but only if you want them to, based on your explicit consent given to them, otherwise they can't. The payment service providers will be able to offer you 3 types of services: Account aggregation: you will be able to consult your payment transactions and the balance of your current account(s) held at different banks via one screen. (Account information service) You will be able to initiate payments with your accounts at different banks from the platform of another provider. (Payment initiation service) A provider of payment services could ask if there is enough money in your current account to carry out a card transaction. (Balance check) ING, of course, will offer these types of services as well. So you can easily manage your finances and your budget.

I don't want to share my data. What should I do?

Absolutely nothing. Because you only need to do something if you do want to give permission, your account details will therefore not be shared if you don't give permission.

Can I withdraw this consent at any time?

Yes, you can. The decision to share your payment details always lies with you. You can therefore withdraw this consent again at any time, via the company to which you originally gave your consent.

Is my personal data still safe with ING?

Protecting your data is our priority, so we will only share details with other providers of payment services if you want us to, and only after you have given them your express permission beforehand. And even if you do give permission, we will check whether that provider is registered at the National Bank of Belgium. Not just once, but every time that provider requests to obtain access to get information. We also check that the validity period for your permission to that provider has not yet expired. We share your payment data based on strong customer authentication, as is already the case when for example you initiate payments via our channels.

What if my beneficiary uses account information service?

If you are transferring money to someone who uses an account information service which you don’t, the account information service provider will still receive the transaction data with your name, account number, description and the amount transferred by you. Because banks are legally required to share the transaction details through PSD2. But the account information service provider is not allowed to use your transaction details for other purposes, without your express consent.

Is it safe to share my data with other companies?

We only share your data with other providers of payment services when you have given express permission for that. The provider must also be registered with the National Bank. Such providers only receive permission if they satisfy strict requirements to get a license. Giving access to your current account is something you need to be careful about. Before you give permission to a company, check properly that you really know the provider concerned and if it is logical for them to request the permission. For example, because you want to use one of the company's services for which they need these details. When asked to make a payment, check that the amount and the description are correct. Also, check the terms and conditions and the privacy statement of the company you want to share your data with beforehand. So that you know how they are going to handle your data. In addition, the new PSD2 regulations could lead criminals to send phishing e-mails . So stay alert.

New Belgian law for payment services