One of the primary ambitions of these guidelines is to provide simplification and consistency throughout each stage of the Open Banking implementation. As such, we have defined a core set of AIS journeys to illustrate the roles played by each of the Participants in the Open Banking ecosystem.
Other pages in this section Get Started Authentication Methods Account Information Services Payment Initiation Services Card Based Payment Instrument Issuers (CBPIIs) Checklist Appendices Change Log
Featured journeys Permissions & Data Clusters for AIS journeys Permissions In the Open Banking API design, data elements are logically grouped together into “permissions”. It is at this level that AISPs request data access. If they request access to a specific permission they will have access to all the data elements in the permission. This provides a pragmatic approach, allowing AISPs to be selective… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020 Account Information Consent User Journey In this journey the AISP presents to the PSU a description of the data that it requires in order to support its service proposition. PSU selects the ASPSP(s) where their payment account(s) is held. The PSU is then directed to the domain of its ASPSP for authentication and to select the account(s) they… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020 Refreshing AISP access User Journey The PSRs require strong customer authentication to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10). However, this will still require… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020 90-Days Re-authentication User Journey The PSRs require Strong Customer Authentication (SCA) to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10), however, this will still… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020 Consent Dashboard & Revocation User Journey AISPs must provide PSUs with a facility to view and revoke on-going consents that they have given to that AISP. They may have consented to share data from several ASPSPs with a single AISP. This section describes how these consents should be displayed and how the customer journey to revoke them should be… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020 AIS Access Dashboard & Revocation User Journey ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed. Wireframes What the research says “Consumer… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020 Access Status Notifications by ASPSPs User Journey In addition to the mandatory notifications between AISPs and ASPSPs (refer to section Mandatory notification mechanisms between AISPs and ASPSPs), OB Standards have been extended to provide the following additional notification mechanisms: A. Real Time / Push Notifications: Functionality to enable ASPSPs to notify AISPs in real time (i.e. immediately) when a PSU revokes their… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020 AIS Access for PSUs from Corporate Entities User Journey PSUs, with delegated user authority on behalf of corporates who are authorised to receive corporate account information via AISPs, will be able to provide consent to the AISPs using the standard AIS journey shown in section Account Information Consent. In this journey the AISP presents to the PSU a description of the data… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
Permissions & Data Clusters for AIS journeys Permissions In the Open Banking API design, data elements are logically grouped together into “permissions”. It is at this level that AISPs request data access. If they request access to a specific permission they will have access to all the data elements in the permission. This provides a pragmatic approach, allowing AISPs to be selective… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
Account Information Consent User Journey In this journey the AISP presents to the PSU a description of the data that it requires in order to support its service proposition. PSU selects the ASPSP(s) where their payment account(s) is held. The PSU is then directed to the domain of its ASPSP for authentication and to select the account(s) they… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
Refreshing AISP access User Journey The PSRs require strong customer authentication to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10). However, this will still require… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
90-Days Re-authentication User Journey The PSRs require Strong Customer Authentication (SCA) to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10), however, this will still… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
Consent Dashboard & Revocation User Journey AISPs must provide PSUs with a facility to view and revoke on-going consents that they have given to that AISP. They may have consented to share data from several ASPSPs with a single AISP. This section describes how these consents should be displayed and how the customer journey to revoke them should be… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
AIS Access Dashboard & Revocation User Journey ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed. Wireframes What the research says “Consumer… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
Access Status Notifications by ASPSPs User Journey In addition to the mandatory notifications between AISPs and ASPSPs (refer to section Mandatory notification mechanisms between AISPs and ASPSPs), OB Standards have been extended to provide the following additional notification mechanisms: A. Real Time / Push Notifications: Functionality to enable ASPSPs to notify AISPs in real time (i.e. immediately) when a PSU revokes their… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
AIS Access for PSUs from Corporate Entities User Journey PSUs, with delegated user authority on behalf of corporates who are authorised to receive corporate account information via AISPs, will be able to provide consent to the AISPs using the standard AIS journey shown in section Account Information Consent. In this journey the AISP presents to the PSU a description of the data… View journey This version was published 4 Years & 7 Months ago 31 Mar 2020
Using an Available Exemption with a Customer Identifier Previous Permissions & Data Clusters for AIS journeys Next