Open banking opened the floodgates to financial data. It lets us provide a secure and easy way for our users to share their financial data – which we can then use to provide a great service (for example Round-Ups).
Once users pick their bank from a list of providers, they will either be led to complete the authentication in their bank’s app or website – or authenticate right within the Bitstack app when embedded flows are available.
Under the European Payment Service Directive (PSD2) regulation, European banks are required to provide Strong Customer Authentication (SCA), meaning users have to authenticate using two factors of identification.
We don't store your credentials or initiate transactions on your accounts. Our access level is “read-only”.
Bitstack never has access to your online banking credentials; they are stored by our partners Tink or Powens (Budget Insight). A subsidiary of VISA and a European leader, Tink is approved by the FSA in Sweden under the number 556898-2192. They have built the most robust open banking platform in Europe. By connecting your accounts via our partners Tink or Powens, your data is protected under PSD2 regulation.
Once you securely link your bank account, we obtain read-only access to your accounts for 90 to 180 days. In accordance with the second European payment service directive (PSD2), all bank connections must be renewed every 90 to 180 days. This ensures your bank connection remains secure.
*The data transfer from an AISP (in this case, Tink or Powens) to a TPP (third-party provider, Bitstack) requires that the end-user has granted explicit consent a) for the AISP to retrieve the data, b) for the AISP then to transport the data to the TPP, and c) for the TPP to use the data for specific services. Steps b) and c) fall under GDPR regulation.
Note: You can delete a linked account at any moment and directly in the app by tapping on Account > Linked Accounts > [Account A] > Delete the bank connection.