What are Open Banking Payments?

What Are Open Banking Payments?

Open banking payments let customers pay you straight from their bank account using secure bank-to-bank transfers, initiated through an authorised third-party provider. The customer skips entering card details. They pick their bank, authenticate in their banking app, and approve the payment. The money moves directly from their account to yours — Visa, Mastercard, and the rest of the card-processing chain don't get a look in.

It's the difference between writing a cheque (money moves between banks via an intermediary) and handing over cash (money goes directly from buyer to seller). Open banking cuts out the middlemen — the card networks, processors, and acquirers — and with them, a significant chunk of the transaction cost.

How Open Banking Payments Work

Open banking sits on a framework of secure APIs that let licensed third-party providers see bank account information and initiate payments — always with the account holder's explicit consent. In the UK, the Competition and Markets Authority set the framework up in 2018, and it's regulated by the Financial Conduct Authority.

The Payment Flow

When a customer pays using open banking, this is what happens:

• They pick the open banking option at checkout or during a phone payment
• They choose their bank from a list of supported ones
• They get redirected to their bank's authentication — usually the banking app — where they review the payment and authorise it
• Once authorised, the bank transfers the money directly to your account
• You get confirmation that the payment's authorised, and the money usually settles in seconds or hours, not the days a card payment takes

The whole thing takes about the same time as a card payment — often less, because there's no 16-digit card number, expiry date, and security code to type in.

Payment Initiation Service Providers (PISPs)

The companies that actually plumb the open banking payments together are called Payment Initiation Service Providers, or PISPs. They're FCA-licensed and have to meet strict security and data protection standards. The PISP is the bridge between you and the customer's bank — they handle the technical integration and make sure the payment goes through securely.

Variable Recurring Payments

One of the more interesting developments is variable recurring payments (VRPs). Direct debits are slow to set up and inflexible. VRPs let you collect recurring payments of varying amounts with the customer's pre-authorised consent. The customer sets the maximum limits; payments within those limits go through automatically. For subscription businesses, utilities, and anyone collecting regular payments, this is a meaningful upgrade.

Why Open Banking Payments Matter for Businesses

Lower Transaction Costs

This is the headline. Card payments cost merchants roughly 1% to 3% of the transaction, plus per-transaction fees. Open banking is significantly cheaper because it skips the card networks, the interchange fees, the scheme fees, and the processor margins. For high-volume businesses, the savings stack up fast.

Faster Settlement

Card payments take one to three business days to land in your account. Open banking, riding on the UK's Faster Payments rails, settles in seconds. That's a direct cash-flow benefit, especially if you're running tight margins or managing working capital carefully.

Reduced Fraud Risk

The customer authenticates directly with their bank — usually with biometric verification in their banking app. That's much harder to fake than a card-not-present transaction, where a fraudster only needs the card number, expiry, and CVV. There are no chargebacks with open banking payments, which removes a real cost and admin burden for merchants.

No Card Expiry Problems

Open banking payments are linked to the bank account, not to a card with an expiry date. For subscription businesses, that removes one of the biggest causes of involuntary churn.

Open Banking and Telephone Payments

Open banking started as an online payment method, but it's increasingly relevant to phone-payment scenarios too.

Pay by Bank During a Phone Call

Some platforms now let an agent kick off an open banking payment during a call. The agent generates a payment request, the customer gets a link by SMS or email that opens their banking app, and they authorise the payment. The customer never reads out a card number. The agent never handles anything sensitive. The payment settles fast enough that the agent can confirm it while still on the call.

Complementing Card Payments

Open banking doesn't replace card payments on the phone — it sits alongside them. Some customers prefer cards, and for those, secure DTMF-based phone payment is still essential. But offering open banking as a second option gives customers more choice and cuts your costs. For high-value transactions in particular, the lower fees can make a real difference.

Reducing PCI Scope

Open banking payments don't touch card data at all, so they sit entirely outside PCI DSS scope. If you're trying to minimise PCI burden, offering open banking alongside secure card payments cuts the volume of card transactions you need to handle through PCI-compliant channels.

Practical Considerations

Customer Adoption

Open banking is still relatively new. Adoption is climbing — millions of open banking payments go through each month in the UK — but plenty of customers will stick with cards. Offer both. That's the pragmatic answer.

Bank Coverage

Not every bank supports open banking, though the major UK banks all do. Before you roll it out, check that the banks your customers actually use are supported by your PISP.

Refund Handling

Refunding open banking payments is fiddlier than refunding cards. Because the money moved via bank transfer, refunds go back the same way as separate transfers. Some PISPs automate this; some don't. Understand the refund process before you go live, not after.

Regulatory Environment

Open banking is regulated. Your providers have to be FCA-licensed, and the payment flows have to meet Strong Customer Authentication requirements. Make sure any integration ticks those boxes.