Using Open Banking Safely

5 minutes Understanding Your Funding

Open Banking is the secure technology SAPI uses to access your payment processing history for underwriting your application. Many customers are understandably cautious about sharing financial data. This guide explains what Open Banking is, how it protects you, and why it's the safest way to share your payment history with SAPI.

Definition:
Open Banking is a secure, regulated system that lets you grant third parties (like SAPI) read-only access to your financial transaction data.

Established: 2018 in the UK (by Competition and Markets Authority)

Regulation: Governed by Payment Services Regulations 2017

Used by: Millions of UK consumers and businesses for secure data sharing with fintech companies, lenders, budgeting apps, and more.

Traditional way (before Open Banking):
- You download statements manually
- Email or upload PDFs to SAPI
- Time-consuming, error-prone
- Risk of forgery or manipulation

Open Banking way:
- You authorize SAPI via secure connection
- Your payment processor (Stripe, Square, etc.) sends data directly to SAPI
- Instant, accurate, verifiable
- No manual downloading or uploading

Open Banking providers must be:
- Authorized by the Financial Conduct Authority (FCA)
- Compliant with strict security standards (PSD2/SCA requirements)
- Regularly audited for compliance

SAPI's Open Banking provider: [Uses FCA-authorized Open Banking platforms]

All data is encrypted:
- TLS 1.2+ encryption in transit (same as online banking)
- End-to-end encryption
- No data transmitted in plain text

Secure as online banking:
Open Banking uses the same security standards your bank uses for your online account access.

What SAPI can do:
- View transaction history (amounts, dates)
- See payment processing volumes
- Analyze sales trends

What SAPI CANNOT do:
- Make transactions or payments
- Transfer money from your accounts
- Change your payment processor settings
- Access your customers' personal data
- View your login credentials

Analogy: Like showing someone a photocopy of your bank statements—they can see the information but can't access your actual account.

You decide:
- When to grant access (you must actively authorize)
- How long access lasts (typically 12-18 months, then auto-expires)
- When to revoke access (you can disconnect anytime)

No permanent access:
Unlike giving someone your password, Open Banking access is temporary and revocable.

Critical security feature:
You NEVER share your payment processor password with SAPI.

Process:
1. SAPI sends you a secure link
2. Link redirects you to your payment processor's official website (Stripe.com, Square.com, etc.)
3. You log in on your processor's website (SAPI never sees your login)
4. You authorize SAPI to access data
5. Connection established without SAPI ever knowing your password

When you authorize Open Banking, you see exactly:
- What data will be shared (transaction history, balances, etc.)
- Who will receive it (SAPI Group Limited / SAPI Origination Limited)
- How long access will last (typically 12-18 months)

No hidden access to other accounts or data.

Transaction data:
- Date and amount of each transaction
- Total daily/weekly/monthly sales
- Refunds and chargebacks (amounts only)
- Payout schedule from processor to your bank

Customer information:
- Customer names
- Customer email addresses
- Card numbers (even partial)
- Customer addresses or personal details

Your credentials:
- Login passwords
- API keys
- Security questions/answers

Other accounts:
- Personal accounts not connected
- Other business accounts not authorized
- Non-payment-related transactions

Step 1: SAPI sends you a secure link via email

Subject: "Connect Your Payment Account to Complete Your Application"

Step 2: Click the link (it's unique to your application and expires after 7 days)

Step 3: Select your payment processor from the list (Stripe, Square, SumUp, Worldpay, etc.)

Step 4: You're redirected to your processor's official website

Important: Verify you're on the real website (check URL: stripe.com, square.com, etc., not a fake lookalike)

Step 5: Log in using your normal credentials

Step 6: Review what data SAPI is requesting

Step 7: Click "Authorize" or "Allow Access"

Step 8: Redirected back to SAPI with confirmation message

Done! SAPI now has read-only access to your transaction history.

You can revoke SAPI's access anytime:

Stripe:
1. Log into Stripe Dashboard
2. Settings → Connected Accounts or Applications
3. Find SAPI → Revoke Access

Square:
1. Log into Square Dashboard
2. Account & Settings → Connected Apps
3. Find SAPI → Disconnect

Other processors:
Similar process—navigate to Settings/Integrations/Connected Apps and disconnect SAPI.

Email: [email protected]
​Subject: "Revoke Open Banking Access - [Account Reference]"

SAPI will:
- Process disconnection within 2 business days
- Confirm via email once revoked

After your application:
- If your application is declined or you decide not to proceed
- After you're funded and want to disconnect

During your advance:
- Only if you no longer want SAPI to monitor sales automatically
- Note: You may need to provide manual statements instead for collection calculation

After repayment:
- Once advance is fully repaid and you don't plan to apply again

No more risky than:
- Online banking (uses same encryption)
- Using your payment processor app (same security)
- Sharing bank statements via email (actually LESS secure)

Open Banking is more secure than emailing PDFs because:
- Data comes directly from source (no forgery possible)
- Read-only (can't make changes)
- Revocable (can disconnect anytime)
- Regulated and audited

Multiple security layers:
- Data is encrypted at rest and in transit
- Access requires authentication tokens (even if hacked, limited access)
- SAPI doesn't store your Open Banking login credentials
- Immediate revocation possible if breach detected

Your payment processor account itself is not compromised through Open Banking (it's read-only).

Understandable concern. Consider:
- Open Banking is now standard in UK financial services (used by major banks, lenders, budgeting apps)
- Regulated by FCA with strict security requirements
- You retain full control (can revoke instantly)
- Alternative is emailing statements (less secure, more time-consuming)

Your choice:
If you prefer not to use Open Banking, you can manually upload payment processor statements. Contact [email protected] to arrange.

Q: Does using Open Banking affect my credit score?
A: No. Open Banking connections do not appear on credit reports and don't affect your credit score.

Q: Will my payment processor know I'm applying for financing?
A: Possibly. When you authorize Open Banking, some processors display "You've connected to SAPI" in your Connected Apps. However, they don't receive details about your application or advance.

Q: Can SAPI see my customers' details through Open Banking?
A: No. SAPI sees only aggregated transaction data (dates, amounts). We never see individual customer names, emails, or card details.

Q: What if I change payment processors—do I need to reconnect Open Banking?
A: Yes. Contact [email protected], and we'll send you a new connection link for your new payment processor.

Q: Is Open Banking required, or can I apply without it?
A: Open Banking significantly speeds up applications (24-48 hours vs. 3-5 days). However, you can apply without it by manually submitting payment processor statements. Contact [email protected] to discuss.

Q: Does Open Banking access expire?
A: Yes. Access typically expires after 12-18 months. SAPI may request you reconnect if your advance is still active and we need updated data.

Open Banking questions: [email protected]
​Connection issues: +44 20 3868 4990
​Revoking access: [email protected]
​Alternative to Open Banking: [email protected]

Email: [email protected]

Phone: +44 20 3868 4990

Business Hours: Monday-Friday, 9am-5pm GMT