AIS vs PIS in Open Banking: What’s the Difference & When to Use Each

Imagine you're a business owner, a retailer, or a service provider looking to streamline your operations and offer a better, more secure experience for your customers. You've heard the term "open banking" and phrases like Account Information Service Provider (AISPs) and Payment Initiation Service Provider (PISPs), but it all sounds a bit technical, doesn't it? 

They are the two sides of the same open banking coin, yet they serve very different purposes. This guide will break down the true meaning of AIS vs PIS for businesses exploring A2A payments and data-led services. We’ll show you how they work, why they matter, and how an open banking platform like Noda helps merchants and fintechs deploy PISP and AISP payments securely, scalably, and compliantly.

Key Takeaways

• AIS and PIS are distinct services under PSD2 open banking: AIS retrieves account data; PIS initiates A2A transaction payments.
• AISP open banking services require user consent and can refresh data via refresh tokens, but don’t move money.
• PISP payments offer instant settlement via Faster Payments (UK) or SEPA Instant (EU), reducing processing fees vs cards.
• Unlike card payments, PISP payments are final — no chargebacks, but also no easy reversals.
• Both PISP and AISP licenses are mandatory in the UK/EU to access payments or data services — but merchants can integrate via licensed partners like Noda.
• Noda enables plug-and-play access to PISP on secure instant settlement and scalable A2A payments infrastructure.

Understanding AIS and PIS: The Core Difference

Let’s get straight to the point. The easiest way to remember the difference between AIS and PIS is this:

• AIS is for Information. It’s about viewing data.
• PIS is for Payments. It’s about moving money.

Now, let's explore each in a little more detail.

What is AIS?

An Account Information Service Provider (AISP) collects data from various bank accounts after the user grants permission. This data includes balances, transaction history, and financial patterns, enabling apps to offer budgeting tools, credit checks, and holistic financial insights. For example, AIS-powered money management apps bring together information from multiple accounts to help users track spending effectively.

What is PIS?

A Payment Initiation Service Provider (PISP) doesn’t just view data — it initiates payments on behalf of customers directly from their bank accounts. Imagine a checkout process where customers pay via their bank without card details or intermediaries. This method speeds up payments, reduces fees, and avoids chargebacks common in card payments.

Comparison Table: AIS vs PIS

Both rely on user consent and strong customer authentication (SCA), but only PISP payments result in actual money movement.

How AIS Works: The Data Access Flow

Let’s walk through how AISP open banking works in practice.

Step-by-Step AIS Flow

1. User Consent:
   A customer connects their bank account to a service (e.g., a loan eligibility checker). They’re redirected to their bank’s login page.
2. Bank Authorisation & SCA:
   The user logs in and verifies their identity using biometrics or a code — this is SCA in action. The bank confirms the third party’s request.
3. Data Scopes & Timeframe:
   The AISP requests specific data: transaction history (last 90 days), account balances, or standing orders. The scope is limited and user-approved.
4. Access & Refresh Tokens:
   Once approved, the AISP receives an access token (valid for ~1 hour) and a refresh token to fetch data periodically — typically every 24–72 hours, depending on the bank.
5. Data Retention & Revocation:
   The AISP stores data only as long as necessary. Users can revoke access anytime via their banking app or the third-party service.

How long does AIS consent last?
In the UK, under the Open Banking Implementation Entity (OBIE) Customer Experience Guidelines, AIS consent must be reconfirmed every 90 days; the underlying bank authorisation remains valid unless the user revokes it earlier.

In the EU, under PSD2 and the European Banking Authority’s Regulatory Technical Standards, AIS consent can last up to 180 days before fresh Strong Customer Authentication is required, although some banks offer shorter windows.

Can users revoke?
Yes. At any time. Once revoked, the AISP loses access immediately.

AISP Examples:

• Plum – Uses AIS to analyse spending and automate savings.
• Starling Bank Marketplace – Offers third-party apps access to customer data via AIS, with strict consent controls.

Important: An AISP cannot initiate payments. Despite the name “AISP payments”, this is a misnomer. AIS is data-only. 

How PIS Works: The Payment Flow

Now, let’s look at PIS — where the money actually moves.

Step-by-Step PIS Flow

• Checkout Initiation:
  A customer selects “Pay with Bank” at checkout (e.g., on an e-commerce site). This triggers a PISP payments request.
• Bank Selection:
  The user picks their bank from a list (e.g., Barclays, Santander, Revolut).
• Redirect & SCA:
  They’re redirected to their banking app or website, where they authenticate using fingerprint, face ID, or a code. This is a critical step for security and PSD2 Compliance.
• Instant Payment Initiation:
  Once approved, the PISP sends the payment instruction. The bank debits the account instantly.

• Settlement via SEPA Instant or Faster Payments:
  Funds settle in seconds via instant settlement rails:

  - UK: Faster Payments (available 24/7, final in <10 seconds).

  - EU: SEPA Instant Credit Transfer (SCT Inst), available in 38+ countries.

• Reconciliation:
  The merchant receives confirmation and can dispatch goods immediately.

What is a PIS?
A Payment Initiation Service allows a third party to initiate a payment from a customer’s bank account, with their explicit consent. The provider must hold a PISP license.

PISP Examples:

• Noda – Enables merchants to accept A2A payments with full traceability.
• Klarna Pay Now – Offers bank-based checkout using PISP in some European markets.

What is PISP on bank statement: When a PISP payment transaction appears, it’s typically labelled with the merchant name; it’s more rare to see “PISP” or “Open Banking Payment” referenced.

Security, Consent & Liability: Who’s Responsible?

In 2022, payment fraud in the EEA reached €4.3 billion and €2 billion in the first half of 2023. PSD2 measures have been effective in curbing fraud, particularly in areas like credit transfers and card payments, which traditionally saw the highest value losses.

Security is paramount in open banking, and Both AIS and PIS require explicit, informed user consent. No backdoor access. No hidden data grabs.

An account information service provider operates under "read-only" access principles, meaning they cannot initiate transactions or modify account data. This inherently limits security risks, with primary concerns focusing on data protection and unauthorised access prevention. Customer consent mechanisms include granular permissions, allowing specific data type selection and access duration control.

PISP on bank statement entries appear as direct debits or bank transfers, providing clear transaction trails. However, PISP payments carry different liability structures compared to card transactions. Whilst traditional card payments offer chargeback protections, A2A payments rely on bank dispute resolution processes, which can take longer but often provide more definitive outcomes.

Liability Shift

Here’s the crucial part:

• In PIS (Payment Initiation Service), the PISP is liable for unauthorised payments only if Strong Customer Authentication (SCA) was correctly applied during the payment initiation. If SCA was bypassed or not properly implemented, liability may fall elsewhere, typically on the bank or payment service provider (PSP) that failed to enforce SCA. The PISP must prove that the transaction was authorised and properly executed under PSD2 Article 73.
• In AIS (Account Information Service), the AISP is responsible for the protection and proper use of the customer’s data they access and must comply with data protection laws like GDPR. Misuse or breaches of data fall under their accountability and legal liability.
• Good news for merchants: Integrating with a licensed PISP such as Noda reduces operational risk because the PISP is required to maintain PSD2 compliance. Yet merchants should still monitor settlement status before releasing goods or services.

Regulation: PSD2, PSR, and What’s Coming in 2025

Open banking was born out of a need to increase competition, improve consumer choice, and modernise payments across Europe and the UK. The catalyst? The Second Payment Services Directive (PSD2), introduced in 2018, which mandated that banks open their systems to trusted third parties via secure APIs — provided customers gave informed consent.

Under PSD2 open banking, two new types of regulated entities were created: the Account Information Service Provider (AISP) and the Payment Initiation Service Provider (PISP). Both must be authorised by national regulators — the Financial Conduct Authority (FCA) in the UK, for example — and undergo rigorous audits, cybersecurity checks, and ongoing supervision.

To operate legally, a firm must hold either an AISP license, a PISP license, or both. These aren’t optional — they’re enforced under PSD2 Compliance. Without one, no direct access to bank data or payment initiation is permitted.

Since its rollout, adoption has grown steadily. In the UK alone, 31 million open banking payments were made in March 2025 alone. The EU has seen similar momentum, with 63.8 million active users across member states.

But while PSD2 laid the foundation, it didn’t solve everything.

The Gaps in Today’s System

Despite progress, challenges remain:

• API reliability: Some bank APIs fail or time out during peak usage, disrupting PISP payments and AISP data retrieval.
• SCA friction: Strong Customer Authentication, while secure, can lead to higher drop-off rates at checkout if not implemented smoothly.
• Uneven implementation: Across Europe, banks interpret PSD2 differently — leading to inconsistent user experiences and technical hurdles for PISPs.

This is where the next wave of regulation comes in.

The UK’s Payment Systems Regulator (PSR) Leads the Way

In 2023, the UK’s Payment Systems Regulator (PSR) launched a major reform programme aimed at transforming open banking from an emerging channel into a mainstream payment rail — on par with cards or cash.

Key pillars of the PSR’s strategy include:

• Mandating 99.5% API uptime for all participating banks by 2025 — a significant step toward reliability.
• Requiring banks to publish real-time performance dashboards, so PISPs and AISPs can monitor connectivity and troubleshoot faster.
• Introducing contingency protocols for when APIs fail, ensuring payments aren’t lost in transit.

PSD3 and Beyond: What’s on the Horizon?

While the UK pushes ahead with PSR reforms, the European Commission is preparing PSD3 — expected to go live in late 2025 or early 2026. This update aims to harmonise open banking across the EU and address long-standing issues.

Proposed PSD3 measures include:

• Centralised registration of AISPs and PISPs to simplify cross-border operations.
• Enhanced fraud reporting requirements, including mandatory sharing of suspicious activity patterns between providers.
• Stronger consumer protections, such as clearer consent banners and standardised revocation processes.
• Introduction of the “Value of Payments” (VoP) model, where consumers could be compensated for sharing their financial data via AISP open banking services — potentially unlocking new revenue models for fintechs.

Why This Matters for Businesses

For merchants and fintechs, these regulatory shifts mean:

• Greater reliability of A2A payments and AISP payments data flows.
• Lower operational risk thanks to stricter bank accountability.
• New monetisation opportunities through trusted data sharing.
• Smoother user journeys as SCA and consent processes become more intuitive.

And crucially, as PISP on bank statement transparency improves and instant settlement becomes the norm, consumer trust in open banking payments will grow — accelerating adoption.

Costs & Fees: PIS vs Cards

One of the most compelling reasons for merchants to adopt PIS payments is the cost. Card networks charge a percentage of each transaction (known as interchange fees), along with other fees. These costs can add up, particularly for businesses with high transaction volumes or large average order values.

PIS payments, in contrast, often come with a flat, per-transaction fee that is significantly lower than card processing fees. This can result in substantial savings.

The comparison table below shows PIS's edge in efficiency.

Settlement Times & Refunds: The Speed Advantage

• Settlement Times: This is a knockout blow for PIS. A card payment can take 2-3 days to settle into a merchant's account. A PISP payment via Faster Payments or SEPA Instant settles in seconds. This dramatically improves a business’s cash flow and reduces uncertainty.
• Refunds: The process for refunds on A2A payments is currently more manual than the automated reversal systems for cards. The merchant typically has to initiate a new payment back to the customer. However, the industry is developing standards to streamline this.

Choosing Between AIS and PIS

Understanding AIS vs PIS isn’t just about compliance — it’s about unlocking better customer experiences, lower costs and faster cash flow.

• Use AIS if you need data: for onboarding, credit checks or financial insights.
• Use PIS if you want to accept payments: for e-commerce, subscriptions or invoicing.

And when you’re ready to act, Noda makes it simple. We handle the complexity of PSD2 open banking, SCA and bank integrations — so you can focus on growing your business with secure, instant A2A payments.

Noda: Powering the Future of A2A Payments

Noda stands out as a leading Payment initiation service provider and AISP enabler, connecting merchants to over 2,000 banks in 28 countries in the UK and EU.

This means you can:

• Offer PISP payments to your customers at checkout, giving them a fast, secure, and intuitive payment option.
• Benefit from instant settlement, giving you access to your funds in seconds, not days.
• Eliminate the risk and cost of chargebacks.
• Utilise AIS to verify customer identity and financial status, reducing fraud and improving security.

By partnering with Noda, you’re future-proofing your business with the power of open banking.

Why Digital-First Businesses Choose Noda:

While others focus on cards and legacy systems, Noda is built for the open banking era: 

• Significant Cost Savings: With fees starting at just 0.1%, our pricing is a game-changer. For instance, on a £100,000 monthly turnover, you could save around £2,300 versus typical 2.4% card charges, saving you thousands every month.
• Instant Settlement & Improved Cash Flow: Enjoy instant payments with real-time confirmation via Faster Payments, SEPA Instant and other instant schemes, meaning faster order processing and dramatically improved cash flow.
• Effortless Integration: Get to market fast with our single, developer-friendly API and ready-made plugins for WooCommerce, Magento, PrestaShop and OpenCart.
• Compliance, Handled: Our platform is fully PSD2-compliant, ensuring ironclad security for you and your customers. We handle all the regulatory heavy lifting.
• Dedicated Personal Support: You’re not just another account. You’ll have a dedicated personal manager to guide you through setup and beyond, making the transition smooth and hassle-free.

While others serve broad markets with card-centric solutions, Noda is purpose-built for merchants who want faster, cheaper, and more secure A2A payments.

Get in touch with Noda today and see how we can help your business stay ahead of the curve.