How we protect your bank details
We explain why we need your bank details, what we do with them and how your details, and money, are kept safe.
We know giving out your bank details can feel like you are giving away the keys to the kingdom, and that it goes against the advice banks had been giving up until very recently. We have collected the most common questions we get when it comes to bank details and protecting your hard-earned 💰
Your bank details
Why we need your bank details
You connect Plum to your bank account in two ways: (i) read-only access to your bank account, which we use to determine auto-savings and insights, and (ii) a Direct Debit Mandate (like your phone company/gym membership), which is used for the auto-savings.
Plum monitors your incomings and outgoings to calculate safe amounts for you to save regularly. Linking to your bank means you do not have to manually enter all your transactions into Plum and we can work in the background for you effortlessly. To link to your bank account we do need you to pass your bank's security checks. We suggest contacting your bank about third parties like us and open banking for peace of mind!
How they are stored
Your personal data is 100% encrypted and protected. We never store or have access to your bank login details. We forward your login details directly to our data partner, Yodlee, who give us read-only access. Because we get read-only access to your transaction data, in the unlikely event of a breach/hack, no money can be transferred out of your bank account.
Yodlee is the world leader in transaction aggregation, the process of granting applications read-only access to your data. Yodlee has been around for 17 years. It supports over 5000 financial institutions worldwide and it is used by a number of major banks in the US and the UK for their data management. You can read more on Yodlee's security practices here.
So how do we move money into your Plum savings if we don’t have access to your bank login details?
When you sign up to Plum, you give your consent for us to pull varying amounts of money from your bank account into your Plum Savings via Direct Debit.
When you allow Plum to create a Direct Debit with the bank, Plum sends a request to GoCardless to set up the Direct Debit; GoCardless are authorised by the Financial Conduct Authority to provide payment services as an Authorised Payment Institution, and so handle everything Direct Debit related on your account. Through Plum you are able to manage this Direct Debit, either by cancelling your account or by changing the linked bank account. Just like with any other subscription, you can cancel the mandate directly through your bank.
This is just like your gym membership: the gym itself does not create the Direct Debit mandate (this part will be outsourced), but you can go to the gym, or give them a call to cancel your membership, which will in turn facilitate the cancellation of the Direct Debit mandate for you.
With Plum you can cancel anytime by typing ‘cancel Plum’. If you ever need any help with Plum and want to speak to a human, just type ‘chat to a human’ or email email@example.com
Will this void protection / violate T&Cs with your bank
It's always good to be cautious with your personal data. Thankfully, a new regulation called PSD2, part of the new Open Banking Standard set by the UK's Competition and Markets Authority, requires banks to provide you access to your data if you want to use third parties like Plum without voiding any fraud cover or insurance. Essentially, Open Banking means that you, the user, have complete ownership of your own financial data and can decide what to do with it, rather than the banks.
Until now, this has been a grey area, but with new personal finance apps and bots coming into play over the last couple of years, regulation and institutions have had to change the way they're wired. This is why banks like Halifax, Nationwide and RBS, to name a few, are creating new, open APIs which enable customers to share their online banking data with their chosen service provider, like Plum, with a few clicks! We recommend checking with your bank to find out whether they have already updated, or when they will update, their T&Cs to reflect this.
What about other sensitive information
We do a number of things to keep sensitive and personal data safe. For more information about how we keep this data safe, what we do with it, and how to delete it should you decide to leave Plum, take a look here.
Where is your money stored
Plum is not a bank and does not hold your money for you. When Plum sets money aside for you, it is moved to a protected bank account from our partner MangoPay, which is regulated to hold your money as an 'Authorized Electronic Money provider'.
To access it you just need to type ‘withdraw’ and the amount you would like.
How is your money protected
Your Plum savings are deposited in a secure account and held as e-Money by MangoPay, our e-Money provider. This means your money is ring-fenced and cannot be lent out by the bank. It also cannot be claimed by any of MangoPay's creditors.
This means that in the unlikely event that Plum, MangoPay, or the bank should go bust, you will get all of your money back. This is very important to us and will always be the case with your Plum deposits.
Why is there no FSCS cover
When you deposit money in a bank, the bank will usually lend out (part of) your deposits. This is how a bank makes most of its money! What this means is that your money is effectively “at risk” if the bank goes bankrupt, hence there is a need for deposit insurance, commonly known as FSCS, for up to £75,000. At Plum, we don’t do this. Because of the way we work, your money is protected with no upper limit.