Our APIs have access to highly sensitive information concerning current accounts, saving accounts, credit cards, and other financial instruments. Such information, if not handled with the highest levels of security and discretion, could lead to significant risks including financial fraud, identity theft, and breaches of privacy.

This section explains the types of sensitive information that can be accessed through Moneyhub's API.

Accounts

When connecting accounts from a financial provider the following fields can contain sensitive information:

accountName: The name of the account. For some type of accounts this field can contain sensitive information. For cash, savings and credit cards the account holder name can be present. For Zoopla Accounts it can contain the first line address. For Auto trader it can contain the vehicle registration number.
accountHolderName: Account Holder name. It requires the accounts_details:read scope.
accountReference: A reference number for the account which consists of the last 4 digits of the account identification number (Account Number, IBAN or PAN). It requires the accounts_details:read scope
details.sortCodeAccountNumber: For cash and saving accounts. Populated with the 6 digit Sort Code and 8 digit Account Number. It requires the accounts_details:read scope.
details.iban: For cash and savings accounts. Populated with the full IBAN number. It requires the accounts_details:read scope.
details.pan: For card accounts. Populated with the Primary Account Number of the credit card. The digits are masked by the financial institution e.g. XXXX-XXXX-XXXX-1245 . It requires the accounts_details:read scope.
providerAccountIdentifications: List of specific account identifications when there is no sort code/account number, iban or pan available.
postcode: For properties. The postcode of the property.

More information on the fields that can be retrieved for accounts can be found in our Accounts API reference

Transactions

When connecting accounts that contain transactions from a financial provider the following fields can contain sensitive information:

longDescription: Transaction descriptions can contain personal information such as the account holder name.
cardInstrument: Transactions can contain details about the card instrument that was used when making a purchase, such as name of the cardholder, full or masked card number and type of card.
creditorAccount: For debit transactions this field can contain details of the creditor account, such as the account owner, sort code, account number, iban or pan.
debtorAccount: For credit transactions this field can contain details of the debtor account, such as the account owner, sort code, account number, iban or pan.

More information on the fields that can be retrieved for transactions can be found in the Transaction API reference

Beneficiaries

When connecting accounts that contain beneficiaries from a financial provider the following fields can contain sensitive information:

name: Can contain he full name of the beneficiary.
accountNumber: The beneficiary's account number.
sortCode: The beneficiary's sort code.
iban: For cash accounts. Populated with the full IBAN number.
pan: For card accounts. Populated with the full Primary Account Number.
postalAddress: Additional postal address information for the beneficiary agent, only retrieved using beneficiaries_detail:read scope.

More information on the fields that can be retrieved for beneficiaries can be found in the Beneficiaries API reference

Standing orders

When connecting accounts that contain standing orders from a financial provider the following fields can contain sensitive information:

payee: The details to identify the beneficiary account, it contains the name of the account owner and sort code, account number, iban or pan. It requires the standing_orders_detail:read scope.

More information on the fields that can be retrieved for beneficiaries can be found in the Standing Orders API reference