How we protect your bank details

How does Plum keep your money safe?

We explain why we need your bank details, what we do with them and how your details, and money, are kept safe.

We know giving out your bank details can feel like you are giving away the keys to the kingdom and goes against the advice banks had been giving up until very recently. We collect the most common questions we get when it comes to bank details and protecting your hard-earned 💰

Why we need your bank details

You connect Plum to your bank account in two ways - (i) read-only access to your bank account, which we use to determine auto-savings and insights (ii) a Direct Debit Mandate (like your phone company/gym membership), which is used for the auto-savings.

Plum monitors your incomings and outgoings to calculate safe amounts for you to save regularly. Linking to your bank means you do not have to manually enter all your transactions into Plum and we can work in the background for you effortlessly. To link to your bank account we do need you to pass your banks security checks. We suggest contacting your bank about third parties like us and open banking for peace of mind!

How are they stored

Your personal data is 100% encrypted and protected. We never store or have access to your bank login details. We forward your login details directly to our data partner, Truelayer, who give us read only access. Because we get read-only access to your transaction data, in the unlikely event of a breach/hack, no money can be transferred out of your bank account.

Truelayer is a UK leader in transaction aggregation, the process of granting applications read-only access to your data, and is regulated by the Financial Conduct Authority. Truelayer supports major innovative financial institutions such as Monzo, Zopa or ClearScore. You can read more on Truelayer's security practices here.


How do we move money into  Plum if we don’t have access to your bank login details?

When you sign up to Plum, you give your consent for us to pull varying amounts of money, from your bank account into Plum via Direct Debit.

When you allow Plum to create a Direct Debit with the bank, Plum sends a request to GoCardless to set up the Direct Debit; GoCardless are authorised by the Financial Conduct Authority to provide payment services as an Authorised Payment Institution, and so handle everything Direct Debit related on your account. Through Plum you are able to manage this direct debit, either by cancelling your account, or changing the linked bank account. Just like with any other subscription, you can cancel the mandate directly through your bank.

This is just like your gym membership: the gym itself does not create the Direct Debit mandate (this part will be outsourced), but you can go to the gym, or give them a call to cancel your membership, which will in turn facilitate the cancellation of the Direct Debit mandate for you.

With Plum you can cancel anytime by typing ‘cancel Plum’ (or within 'You' on the app). If you ever need any help with Plum and want to speak to a human just type ‘chat to a human’, (or within 'Help' on the app) or email help@withplum.com

Will this void protection / violate T&Cs with your bank

It's always good to be cautious with your personal data. Thankfully, a new regulation called PSD2 part of the new Open Banking Standard set by the UK's Competition and Markets Authority, requires banks to provide you access to your data if you want to use third parties like Plum without voiding any fraud cover or insurance. Essentially, Open banking means that you the user has complete ownership of your own financial data and can decide what to do with it rather than the banks.

Until now, this has been a grey area, but with new personal finance apps and bots coming into play over the last couple of years, regulation and institutions have had to change the way they're wired. This is why banks like Halifax, Nationwide and RBS to name a few are creating new, open APIs which enable customers to share their online banking data with their chosen service provider, like Plum, in a click of a few buttons! We recommend checking with your bank to know if they already have or when they will update their T&Cs to reflect this.

Where is your money stored

Plum is not a bank and does not hold your money for you. When Plum sets money aside for you, it is moved to a protected bank account from our partner Railsbank, which is regulated to hold your money as an 'Authorized Electronic Money provider'.

To access it you just need to type ‘withdraw’ (or tap 'Withdraw' in the app) and the amount you would like.

How is your money protected

Your Plum savings are deposited in a secure account and held as e-Money by Railsbank, our e-Money provider. This means your money is ring-fenced and cannot be lent out by the bank. It also cannot be claimed by any of Railsbank's creditors.

This means that in the unlikely event that Plum, Railsbank, or the bank should go bust, you will get all of your money back. This is very important to us and will always be the case with your Plum deposits.

Why is there no FSCS cover

When you deposit money in a bank, the bank will usually lend out (part of) your deposits. This is how a bank makes most of its money! What this means is that your money is effectively “at risk” if the bank goes bankrupt, hence there is a need for deposit insurance, commonly known as FSCS, for up to £75,000. At Plum, we don’t do this. Because of the way we work, your money is protected with no upper limit.

If you have any questions about Plum we didn't answer here check out the help centre or email help@withplum.com

Want to get started? Just click here.