An open banking service that allows an approved third party to request payments from a user’s bank account. It is more sensitive than read-only data access because it directly affects funds movement and requires stronger accountability, validation, and revocation controls.
Expanded Definition
A Payment Initiation Service is a regulated open banking capability that lets a third party instruct a bank to move funds on a customer’s behalf, with the customer’s consent and the bank’s approval path. Unlike read-only account aggregation, it creates direct payment risk because the service can trigger real financial transactions.
In NHI and IAM terms, this is not just an API integration problem. It is an identity, authorization, and transaction-accountability problem where the initiating application, its secrets, its signing material, and its audit trail all matter. Implementations typically need strong customer authentication, explicit consent scoping, transaction verification, revocation handling, and monitoring aligned to the NIST Cybersecurity Framework 2.0. Definitions vary across vendors and regulatory regimes, but the core idea is consistent: the service must be able to prove who initiated the payment, what was authorised, and whether the request can still be revoked or blocked.
The most common misapplication is treating payment initiation like a standard read-only API permission, which occurs when teams reuse low-risk integration patterns for money-moving workflows.
Examples and Use Cases
Implementing Payment Initiation Service rigorously often introduces friction in the customer journey, requiring organisations to weigh faster checkout and better automation against stronger verification, consent capture, and fraud controls.
- A fintech app submits a bill payment request from a user’s current account after collecting explicit consent and passing bank authentication checks.
- An embedded finance platform initiates payroll disbursements through bank APIs, while using signed requests and tight entitlement scopes to limit misuse.
- A treasury tool schedules supplier payments through open banking rails, but requires dual approval and step-up validation before release.
- A merchant payment flow asks the bank to start a transfer instead of processing card data, reducing card exposure but increasing transaction governance needs.
- Security teams review the service’s credentials, webhook verification, and rotation process using guidance from the Ultimate Guide to NHIs alongside bank-facing API standards and consent expectations.
For open banking implementations, the service should be engineered as a controlled NHI with narrow privileges, not as a generic integration token. The Ultimate Guide to NHIs is useful here because the same governance issues recur across machine identities, especially where revocation and offboarding are weak.
Why It Matters in NHI Security
Payment initiation sits at the point where identity meets financial impact. If the initiating service’s secrets, certificates, or delegated permissions are exposed, attackers can do more than read data. They can move money, create fraudulent transfers, and exploit gaps in revocation, logging, or beneficiary verification. This makes the service a high-value NHI that demands lifecycle control, not just development-time security.
NHI Mgmt Group’s research shows that 79% of organisations have experienced secrets leaks, with 77% of those incidents causing tangible damage, and 90% of IT leaders say properly managing NHIs is essential for successful zero-trust implementation. Those findings matter directly for payment initiation because compromised machine credentials often become the easiest route to unauthorised transactions. The relevant governance posture aligns with identity containment, least privilege, and measurable revocation discipline described in the Ultimate Guide to NHIs, while broader control mapping can follow the NIST Cybersecurity Framework 2.0.
Organisations typically encounter this term after a fraudulent payment, a revoked consent failure, or a credential compromise, at which point Payment Initiation Service becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Payment initiation depends on protecting machine secrets and delegated access from misuse. |
| NIST CSF 2.0 | PR.AC | Access control and authorization govern who may initiate payments and under what consent. |
| NIST Zero Trust (SP 800-207) | Zero Trust requires continuous verification for high-risk financial actions like payment initiation. |
Treat each payment request as an independently verified transaction, not a trusted session extension.
