One of the primary objectives of the Customer Experience Guidelines is to provide simplification and consistency across all Open Banking implementations. As such, we have defined a core set of authentication methods that can and should be used, subject to the scope and flexibility of any payment initiation and/or account information services provided by TPPs.
Other pages in this section Get Started Authentication Methods Account Information Services Payment Initiation Services Card Based Payment Instrument Issuers (CBPIIs) Checklist Appendices Change Log
Browser Based Redirection – AIS User Journey PSU Authentication with the ASPSP using browser based redirection from an AISP for an AIS request. This enables a PSU to authenticate with their ASPSP while using an AISP for an AIS service, using the same web based authentication method which the PSU uses when accessing the ASPSP web channel directly. This… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 Browser Based Redirection – PIS User Journey PSU Authentication with the ASPSP using browser based redirection for a PIS request. This enables a PSU to authenticate with their ASPSP while using a TPP for the PIS service, using the same web based authentication method which they use when accessing the ASPSP web channel directly. This model works when the… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 App Based Redirection – AIS User Journey PSU authentication with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the AISP service. This enables the PSU to authenticate with the ASPSP while using an AISP for an AIS service using the same ASPSP app based authentication method which they use… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 App Based Redirection – PIS User Journey PSU authentication, with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the PISP service. This enables the PSU to authenticate with the ASPSP while using a PISP for a PIS service using the same ASPSP app based authentication method that they… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 App to Browser Redirection App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 App-to-browser redirection – AIS App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 Browser-to-app redirection App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 Effective use of redirection screens App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Browser Based Redirection – AIS User Journey PSU Authentication with the ASPSP using browser based redirection from an AISP for an AIS request. This enables a PSU to authenticate with their ASPSP while using an AISP for an AIS service, using the same web based authentication method which the PSU uses when accessing the ASPSP web channel directly. This… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Browser Based Redirection – PIS User Journey PSU Authentication with the ASPSP using browser based redirection for a PIS request. This enables a PSU to authenticate with their ASPSP while using a TPP for the PIS service, using the same web based authentication method which they use when accessing the ASPSP web channel directly. This model works when the… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
App Based Redirection – AIS User Journey PSU authentication with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the AISP service. This enables the PSU to authenticate with the ASPSP while using an AISP for an AIS service using the same ASPSP app based authentication method which they use… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
App Based Redirection – PIS User Journey PSU authentication, with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the PISP service. This enables the PSU to authenticate with the ASPSP while using a PISP for a PIS service using the same ASPSP app based authentication method that they… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
App to Browser Redirection App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
App-to-browser redirection – AIS App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Browser-to-app redirection App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Effective use of redirection screens App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. In these instances, the TPP app will need to launch the native mobile browser in order to present the PSU with their ASPSP’s… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Decoupled Model A: Static PSU Identifier PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is passed to ASPSP to identify the PSU User Journey A decoupled authentication flow, where the PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is used by the ASPSP to notify the PSU, such that the PSU can authenticate using the ASPSP… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 Decoupled Model B: ASPSP Generated Identifier PSU provides an ASPSP generated unique identifier to the TPP (AISP/PISP/CBPII) which is then passed back to ASPSP to identify the PSU User Journey A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII) which is then used by the ASPSP to identify the PSU… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 Decoupled Model C: TPP Generated Identifier PSU provides a TPP (AISP/PISP/CBPII) generated unique identifier to the ASPSP to identify the request from the TPP User Journey A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII), which is then used by the ASPSP to identify the PSU through the ASPSP… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 Decoupled Model D: PSU with a TPP Account TPP (AISP/PISP/CBPII) passes the PSU’s stored unique identifier to the ASPSP to identify the PSU User Journey A decoupled authentication flow where the TPP (AISP/PISP/CBPII) provides the ASPSP a stored PSU identifier, generated by the ASPSP from a previous PSU transaction. This is used by the ASPSP to notify the PSU such that the… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Decoupled Model A: Static PSU Identifier PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is passed to ASPSP to identify the PSU User Journey A decoupled authentication flow, where the PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is used by the ASPSP to notify the PSU, such that the PSU can authenticate using the ASPSP… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Decoupled Model B: ASPSP Generated Identifier PSU provides an ASPSP generated unique identifier to the TPP (AISP/PISP/CBPII) which is then passed back to ASPSP to identify the PSU User Journey A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII) which is then used by the ASPSP to identify the PSU… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Decoupled Model C: TPP Generated Identifier PSU provides a TPP (AISP/PISP/CBPII) generated unique identifier to the ASPSP to identify the request from the TPP User Journey A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII), which is then used by the ASPSP to identify the PSU through the ASPSP… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Decoupled Model D: PSU with a TPP Account TPP (AISP/PISP/CBPII) passes the PSU’s stored unique identifier to the ASPSP to identify the PSU User Journey A decoupled authentication flow where the TPP (AISP/PISP/CBPII) provides the ASPSP a stored PSU identifier, generated by the ASPSP from a previous PSU transaction. This is used by the ASPSP to notify the PSU such that the… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
ASPSP applies an available exemption User Journey Where all information for a complete payment order (including the PSUs’ account details) is passed from PISPs to ASPSPs, once PSUs have been authenticated, PSUs must be directed back to the PISP domain without any further steps taking place. This excludes the cases where supplementary information is required to be provided to… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019 Using an Available Exemption with a Customer Identifier User Journey Where all information for a complete payment order (including the PSUs’ account details) is passed from PISPs to ASPSPs, once PSUs have been authenticated, PSUs must be directed back to the PISP domain without any further steps taking place. This excludes the cases where supplementary information is required to be provided to… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
ASPSP applies an available exemption User Journey Where all information for a complete payment order (including the PSUs’ account details) is passed from PISPs to ASPSPs, once PSUs have been authenticated, PSUs must be directed back to the PISP domain without any further steps taking place. This excludes the cases where supplementary information is required to be provided to… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019
Using an Available Exemption with a Customer Identifier User Journey Where all information for a complete payment order (including the PSUs’ account details) is passed from PISPs to ASPSPs, once PSUs have been authenticated, PSUs must be directed back to the PISP domain without any further steps taking place. This excludes the cases where supplementary information is required to be provided to… View journey This version was published 4 Years & 11 Months ago 20 Dec 2019