Is Pay by Bank Safe? What UK Merchants Need to Know Before Switching

Last updated: July 2024 

Is Pay by Bank safe for UK ecommerce? Yes — it's FCA-regulated, built on secure open banking infrastructure, and eliminates chargebacks entirely. Here's how Pay by Bank via Fena works and why it's more secure than card payments.

The straightforward answer

Pay by Bank is safe, regulated, and legitimate. It's built on the same open banking infrastructure that over 11 million UK consumers use every month, overseen by the Financial Conduct Authority, and — for merchants specifically — structurally more secure than card payments in several meaningful ways.

If you've arrived here because you're evaluating Pay by Bank via Fena for your Shopify or WooCommerce store and want to understand what's actually under the hood, this guide covers it properly.

Quick summary

  • Pay by Bank in the UK operates under FCA regulation and is built on the open banking framework introduced in 2018

  • Payments are authenticated directly through the customer's own bank, using the same security layer they use for online banking

  • There are no card credentials in the flow, which removes a significant category of fraud exposure entirely

  • Chargebacks don't exist in the Pay by Bank model — payments are near-final once authorised

  • Fena is an FCA-authorised open banking provider, purpose-built for UK ecommerce on Shopify and WooCommerce

  • Pay by Bank via Fena is particularly well-suited to merchants in regulated categories where fraud prevention and compliance carry extra weight

What is Pay by Bank and what makes it different?

Pay by Bank lets customers pay directly from their bank account at checkout, without using a card. Instead of entering card details, the customer is directed to their banking app, authenticates the payment using their existing bank login or biometrics, and the funds transfer directly.

No card number is shared. No CVV. No card details stored or processed by the merchant or any payment intermediary.

This is not a workaround or a niche alternative — it's a core part of UK financial infrastructure. Open banking was formally introduced under FCA regulation in 2018, and the major UK banks — including Barclays, Lloyds, HSBC, NatWest, and Starling — are required participants. The security standards that underpin it are the same standards governing everyday online banking.

Why UK merchants are asking about security

For merchants evaluating Pay by Bank for the first time, the questions are understandable. Card payments are familiar. The risks are known quantities — chargebacks, fraud rates, PCI compliance requirements — even if they're frustrating ones. Moving to a less familiar payment method prompts legitimate questions about what the security model actually looks like.

The honest answer is that Pay by Bank has a different risk profile from cards, and in most respects a better one for merchants. Not because it's technically exotic, but because it removes several of the structural vulnerabilities that make card payments risky.

How Pay by Bank security actually works

The security of Pay by Bank rests on a few interlocking elements that are worth understanding individually.

Bank-level authentication.

Every Pay by Bank payment is verified by the customer's own bank, using the same authentication the bank uses for online banking access. This typically means a combination of something the customer knows (their banking password or PIN) and something they have (their phone, via biometric confirmation). This is Strong Customer Authentication (SCA) as mandated by UK regulation — not an optional add-on.

No card data in the flow.

Card fraud — whether from stolen credentials, phishing, card testing, or data breaches — relies on obtaining card details. Pay by Bank removes this attack surface entirely. There are no card numbers to steal because none are generated or transmitted.

End-to-end encryption.

Open banking payments are protected by encrypted APIs throughout the transaction. Data is secured from the moment the customer initiates payment through to settlement confirmation.

No chargebacks.

Card chargebacks exist because card payments are reversible after settlement. Pay by Bank transactions, once authorised by the customer's bank, are near-final. There is no equivalent dispute mechanism for merchants to defend against, no chargeback fees, and no card network monitoring thresholds to worry about.

Consent-based payment authorisation.

Each payment requires explicit, active authorisation by the account holder within their banking environment. Payments cannot be initiated without the customer's direct participation — which is structurally different from card-on-file or recurring card charges, where the customer's presence at payment time is not required.

Is open banking safe in the UK?

Yes. UK open banking operates under a regulatory framework designed specifically to maintain the security standards of the banking system while enabling payment innovation.

The FCA authorises and supervises all open banking payment providers. Participation by major banks is mandated, and the technical standards — including SCA requirements and encrypted API specifications — are set at a regulatory level, not left to individual providers.

The scale of usage reflects the level of trust the infrastructure has earned: more than 11 million UK consumers use open banking services every month, a number that has grown consistently since the framework launched.

For merchants asking whether open banking is legitimate or whether it meets the compliance bar for their industry — the answer is yes, and for regulated categories in particular, it often meets a higher standard than card payments.

How Fena secures Pay by Bank payments for UK merchants

Fena is an FCA-authorised open banking provider that makes Pay by Bank available for Shopify and WooCommerce merchants. Beyond the baseline security of the open banking framework itself, Fena adds a layer of capability designed specifically for ecommerce use.

FCA authorisation.

Fena operates under FCA authorisation to process open banking payments in the UK. This isn't a third-party certification — it's the regulatory status required to operate legally in this space.

Real-time fraud monitoring.

Fena monitors transactions for anomalies and suspicious activity patterns, providing a layer of oversight beyond the bank authentication itself.

Bank-level encryption throughout.

Customer data and payment information are encrypted at every stage of the checkout and settlement process.

Instant payment confirmation.

Merchants receive real-time confirmation when a payment is authorised, with full visibility into payment status and payout timing.

Complete audit trails.

Every transaction is logged with the detail needed for finance, accounting, and compliance purposes — particularly relevant for merchants in regulated industries.

Pay by Bank versus card payments: the security comparison

Understanding where Pay by Bank is more secure than cards requires looking at where card payment risk actually comes from.

PCI compliance.

Card payments require merchants to meet the Payment Card Industry Data Security Standard (PCI DSS) because card data is sensitive and must be protected throughout processing. Pay by Bank involves no card data, so PCI compliance requirements don't apply to the payment flow.

Chargeback exposure.

Card chargebacks are a significant and well-documented merchant risk. Pay by Bank has no equivalent — once a payment is authorised by the customer's bank, it cannot be reversed through a card network dispute process.

Identity verification strength.

Card payments verify identity through card possession and, with 3D Secure, an additional step — but the underlying credentials (card number, expiry, CVV) can be compromised without the card being physically stolen. Pay by Bank authenticates through the customer's banking credentials and biometrics, which are significantly harder to obtain and exploit.

Settlement speed.

Card payments typically settle in one to three business days. Pay by Bank via Fena settles instantly or same-day, reducing the window of uncertainty between payment and funds availability.

Fraud risk.

Card fraud operates at moderate to high rates across UK ecommerce, driven by stolen credentials and organised fraud. Pay by Bank's authentication model makes the equivalent attacks significantly harder to execute.

Is Pay by Bank the right fit for regulated industries?

Pay by Bank via Fena is particularly well-suited to Shopify and WooCommerce merchants in categories where compliance and fraud prevention carry extra weight — including supplements, CBD, vape products, and other regulated goods.

These categories often face elevated chargeback rates and additional scrutiny from card processors. Pay by Bank removes the chargeback exposure entirely and provides a payment flow that meets strong authentication standards by design, without requiring additional compliance work from the merchant.

The FCA-regulated status of both the open banking framework and Fena as a provider means merchants can point to a clear regulatory foundation when questions about payment security arise.

Frequently asked questions

Is Pay by Bank safe to use in the UK?

Yes. Pay by Bank operates under FCA regulation, uses encrypted open banking APIs, and authenticates every payment directly through the customer's bank. It is one of the most secure payment methods available to UK consumers and merchants.

Is Pay by Bank legit?

Yes. It's part of the official UK open banking infrastructure, regulated by the FCA, and actively used by over 11 million UK consumers every month. The major UK banks are required participants under the open banking framework.

Is Fena secure?

Fena is FCA-authorised to process open banking payments in the UK, operates with bank-level encryption, and provides real-time fraud monitoring and full transaction audit trails. It is built specifically for secure ecommerce payments on Shopify and WooCommerce.

Is Pay by Bank more secure than card payments?

For merchants, yes — in several specific ways. It eliminates chargebacks, removes card data from the payment flow, authenticates customers through their own bank rather than card credentials, and settles faster. The residual fraud risks are different from card fraud and generally lower in the ecommerce context.

Does Pay by Bank work for high-risk or regulated product categories?

Yes. Pay by Bank via Fena is well-suited to merchants in regulated categories including CBD, vape, supplements, and similar goods. It removes the chargeback exposure these merchants typically face with cards and meets strong authentication standards by regulatory design.

What happens if a customer wants a refund on a Pay by Bank transaction?

Refunds on Pay by Bank transactions are processed directly by the merchant — there is no card network dispute mechanism involved. This means merchants handle refunds on their own terms, without the fees, timelines, or evidence requirements associated with card chargebacks.

Do I still need PCI compliance if I use Pay by Bank?

No, not for the Pay by Bank payment flow. Because no card data is transmitted or stored, the PCI DSS requirements that apply to card payments do not apply. If you continue to accept cards alongside Pay by Bank, PCI compliance still applies to those transactions.

The bottom line

Pay by Bank is safe, regulated, and — for UK ecommerce merchants — meaningfully more secure than card payments in the areas that matter most: fraud exposure, chargeback risk, and authentication strength.

It's not a novel technology taking a bet on unproven infrastructure. It's built on the same open banking framework regulated by the FCA that over 11 million UK consumers already use, delivered through Fena's ecommerce-specific implementation for Shopify and WooCommerce.

For merchants who've been absorbing card fraud losses and chargeback costs as a cost of doing business, Pay by Bank isn't just a security upgrade — it removes a structural problem rather than managing around it.