How does Basiq securely add my accounts as a payment method?

4 min. read | last update: 06.13.2025

Basiq is the Open Banking API Platform we use to verify your bank account information. 

How Basiq securely adds your bank account(s) as a payment method:

  1. Basiq verifies bank account information using Open Banking. At this step, you may get an SMS or email (depending on your bank’s notification method) from your banking institution notifying you that a Basiq connection has been established. As Basiq only requires this connection to be ongoing for a short period of time, you may also receive an email or SMS from your banking institution notifying you that this Basiq connection has concluded.

    For more information on Basiq click here

  2. Upon successful verification, your bank account will be added to PayWallet and will be ready for use.

  3. Upon a failed connection, if you receive an error message, this can be relayed to our support team for further assistance at support@pay.com.au.

  4. Possible reasons for failure: if the process is cancelled mid-way.

We understand that there might be some concerns about utilising the open banking integration with Basiq to link your bank account with our services. For more details on open banking and how it is commonly used, please visit the Australian Banking Association website by clicking here, as well as reviewing the information below on managing your data consent with Basiq.

Introduction to the Consumer Data Right (CDR)

The Consumer Data Right (CDR) regulates the collection and handling of CDR data in line with privacy safeguards and rules that:

  • Ensure users' data is managed securely.

  • Provide users with control over how their data is shared and used.

Accredited Data Recipients (ADRs)

An Accredited Data Recipient (ADR) is an organisation approved under the CDR framework to receive and manage consumer data securely. ADRs are required to adhere to strict privacy and security rules, ensuring that the consumer's data is used only with their consent. ADRs and ADR representatives (Partners) are expected to:

  • Transparently disclose how data is used.

  • Ensure secure storage and transfer of consumer data.

  • Implement privacy safeguards to protect user consent.

Key Benefits for Users

  • Choice and Control: Users decide what data to share, how it’s used, and who it can be disclosed to.

  • Manage Consent: Users can view, modify, or revoke consents at any time.

  • Data Deletion Requests: Users can request data deletion or de-identification.

Data Usage under CDR

We may use the data collected under the CDR framework for:

  • Personalised Services: Tailoring recommendations to user activities.

  • Operational Purposes: Preventing fraud, detecting abuse, and generating analytical insights using de-identified data.

  • Communication: Sending updates and notifications aligned with user preferences.

When you give consent, you remain in control. You can easily manage your consent at any time—whether that means reviewing, updating, or withdrawing it—using any of the following methods:

  • Directly through your banking app or online banking

  • By contacting our support team via email at support@pay.com.au

Data Retention and De-identification

You have the right to request data deletion at any time.

Upon withdrawal of consent:

  • Your data will be securely deleted or de-identified, depending on your consent

  • Redundant data will be destroyed (except for specific use cases when we are required by law to retain it for a longer period)

  • We will ensure that any third-party processors will securely erase any shared data

De-identification process

De-identification involves removing identifiable information while retaining anonymised data for operational purposes, such as analytics and fraud prevention. Steps include:

  • Removing your personal information from transactions

  • Stripping timestamps and descriptions that reveal specific details

  • Aggregating data to ensure anonymity

We may use de-identified data for improving services, creating insights, and operational analysis.

Retention Policy

We will always:

  • Ensure your data is deleted or de-identified promptly when it is no longer required, upon data sharing consent expiry or within 24 hours of receiving a consent revocation request
