There are two reasons why Starling users can get disconnected:
Reason 1: Consents only last for 90 days
To comply with PSD2, third-party consents given to Starling last for 90 days.
Starling notifies users 7 days prior to the expiration date using a mobile push notification. Users can simply refresh consents via the Starling app.
More info here from Starling's blog.
Reason 2: The user has re-connected their account to another (or the same) application that uses TrueLayer's certificates
TrueLayer holds a single certificate with Starling and AIB. This means that only one connection (consent) per user can exist at a time with each of the banks.
Let's say there are two apps, A and B that use TrueLayer to connect their users.
- User Mary connects her Starling account using TrueLayer to app A;
- User Mary then decides to connect the same Starling account to app B, which also uses TrueLayer.
- App A loses access to this user's Starling account because the valid consent is now being used by application B.
The same will happen if user Mary connects her Starling account twice using app A. Only the last consent will be valid.
What to do next?
- Short-term solution: User Mary can re-authenticate using app A (although this will revoke her access to app B);
- Long-term solution: Get your own certificates with the bank and mitigate the issues.
Here's how to get certificates with Starling.
Reason 3: User revoked their access
Reason 4: The user is trying to connect to more than one account
Users are only able to connect one account at a time. For example, if a user wants to connect their personal and business accounts, they will need to create two consents. This is a design decision made by the bank.