Data Security

Mastercard OB Services UK Limited provides data security and safety advice to help keep you protected online.

For example, if you want to buy something online and the seller offers our Payment Initiation Service (Pay), then you can securely pay direct from your bank or payment account. You will be directed to our portal and asked to confirm the value and the person or business you wish to pay.

Then, you will be securely redirected from Mastercard to your bank (or payment account service provider) for authentication using Strong Customer Authentication – a security check to ensure that only you are able to initiate the payment. At that point we will submit the payment order to your bank and then confirm to you and the person you are paying that the payment has been initiated.

Every third party that refers you to us for our Payment Initiation Service (Pay) or Account Information Service (Data) is subject to vetting by our specially trained and experienced staff to confirm that they are who they say they are. For Pay, we also verify their bank account details so you can have confidence that your payments are going to the right place.

Your bank (or payment account service provider) login credentials (e.g. your Strong Customer Authentication (SCA) username or password) remain private to you – we cannot see them or store them.

 You will see a clear presentation of the payment instruction (e.g. Pay recipient and amount) prior to initiation of your payment. These details cannot subsequently be altered.

 You will be asked to confirm and give your explicit consent for us to initiate your payment instruction.

Your bank (or payment account service provider) login credentials (e.g. your Strong Customer Authentication (SCA) username or password) remain private to you – we cannot see them or store them. You will see a clear presentation of the information you wish to share prior to your confirmation to share it. You will be asked to confirm and give your explicit consent for us to initiate your information sharing instruction.

Our systems are protected by industry recognised encryption standards, as well as secure access authentication and controls. We conduct regular reviews and risk assessments to ensure our security standards are up to date and are being met.

All staff receive annual training on security and fraud matters. Our customer support staff receive additional training to support consumers – particularly the vulnerable. We conduct regular customer surveys to make sure we are providing the best support to our consumers.

If you need help or think you have been a victim of fraud when using our service then please contact us immediately by emailing openbankingUK_Support@mastercard.com or writing a letter addressed for the attention of: Complaints Officer, Mastercard OB Services UK Limited, 1 Angel Lane, London EC3R 3AB.

Be vigilant


We encourage you to monitor your bank or payment accounts and check your statements regularly for transactions that you don’t recognise. Should you suspect fraudulent activity, contact the financial institution that provides your payment account immediately.



Be informed



There are many things you can do to help prevent fraud.

For example, learn about smart password creation and shred old statements and documents containing your personal information before throwing them out.



No one should contact you for personal information or account data. If this happens, hang up the phone or delete the email and reach out to your bank using the phone numbers on the back of your payment card or correspondence from your bank. You can also visit your bank’s website to report suspicious activity.

Strong Customer Authentication (SCA) is a security process that requires you to give at least two pieces of information to confirm who you are when paying online. This information may fall under the following categories:



Something you know


PIN, password or username



Something you have


Mobile phone or other device
Something that proves who you are
Fingerprint or facial features