Have you seen our Widget online? Have you been asked to log in to your account in order to verify your financial information?Let us explain who we are and why it’s secure to share your data.
AISP - Account Information Service Provider.
You might have heard that some time ago new regulations called PSD2 came into effect. One of the changes PSD2 introduced was requiring you to provide an SMS code or additionally confirm your transactions when logging in to your bank account.
PSD2 also introduced new types of entities called TPP (Third Party Providers) which provide payment-related services. One type of TPP is an Account Information Service Provider, which is authorized to download data from bank accounts after a user requests that information.
Kontomatik is authorized to provide Account Information Services. That means we’ve passed multiple checks and are compliant with regulations and that we adhere to the highest security standards in order to perform our services well.
We collaborate with our business partners to verify their users’ history of repayments, spending habits and financial capacity in order to provide their services: e.g. finance management, granting loans or mortgages, providing rentals and more.
To do this, we developed a tool we call SingIn Widget. You go through multiple steps, and are either redirected to the bank’s site to log in or asked to provide your credentials directly in the Widget. Then, we connect with the bank in order to download your account and transaction details. Finally, we do analysis on the data and pass it on to our partner so they can – for example – accept your loan application.
Depending on our partners, the country they operate in, and other factors, one of our two entities will administer our services: either Kontomatik Sp. z o.o. or Kontomatik UAB. Both are monitored and required to report their financial service activities to the national supervisory authorities in Poland (KNF, Komisja Nadzoru Finansowego) or Lithuania (BoL, Bank of Lithuania).
In most cases we operate under the Lithuanian company, which means you’ll see “Kontomatik UAB” in the Widget and attached documents, but we do have clients who decided to cooperate with our Polish company as well (“Kontomatik Sp. z o.o.”).
In any case, both adhere to the same quality and security standards when providing our services. If you want to read more about compliance at Kontomatik and the security measures we use that earned us an ISO Information Management Security certification, visit this page.
We perform two types of services: single and multiple access. Depending on what our partners might need, you’ll be informed in the Widget that you agree to us having access to your account either one time only or up to 4 times a day for up to 90 days.
After the data has been imported, either once or as part of the multiple access service, it’s sent to our partner and stored on our servers for up to 14 days. After that, all information about your accounts is removed from our servers*.
If you have any questions about how we process your data, feel free to read our Privacy Policies or contact us via firstname.lastname@example.org.
*Please note that our partner might still process the information they received, even if we remove it from our servers. To find out more about this, you should contact the company that first asked you to authenticate your information using our Widget.