The customer journey when a PSU needs to refresh AISP access, so the AISP can continue to provide the service previously consented to by authenticating again at their ASPSP. All other elements of the consent (data permissions required, purpose for which the data will be used, transaction history period and consent expiration date) remain unchanged.
Other pages in this section Account Information Consent Refreshing AISP access Consent Dashboard & Revocation AIS Access Dashboard & Revocation Access Status Notifications by ASPSPs AIS Access for PSUs from Corporate Entities 90-Days Re-authentication Permissions & Data Clusters for AIS journeys
This content is best viewed on a desktop browser. 1 CEG Checklist Requirements 1AISPs should alert the PSU when authentication needs to be performed to refresh AISP access. 2 CX Considerations 2AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. If the customer-facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. The customer-facing entity must also display the AISP’s full trading name. This can be presented to the PSU by displaying both the agent’s name and the regulated AISP name as: For you to use this service, acting on behalf of need to access information from your accounts at YOUR ASPSP. Example above is where there is no Agent and the AISP is trading with its registered company nam 3 CX Checklist Requirements 3AISPs must display the company’s trading name/brand name (i.e. the Client Name) to the PSU during the setup and revocation of consent. If the AISP is only trading with its registered company name then it must display that name to the PSU. If the AISP is not the customer-facing entity and there is an Agent who is acting on behalf of the AISP, then the Agent must make the PSU aware that they are acting as an agent on behalf of the AISP and must also, display the AISP’s full trading name/brand name or registered company name whichever is the customer-facing brand of the AISP. AISPs must also, populate the Agent company name in the ‘On behalf of’ field of the software statement, in order to inform the ASPSP about the agency relationship and allow the ASPSP to be able to display this information to the PSU (please refer to item #5). Only in instances where there is an Agent acting on behalf of the AISP, the ‘On Behalf of’ name must be displayed to the PSU. AISPs must not populate the ‘ On behalf of’ field with the details of their TSP. The customer-facing entity must provide PSUs with sufficient information to enable them to make an informed decision. For example, detail the purpose for which the data will be used (including whether any other parties will have access to the information), the period over which it has been requested and when the consent for the account information will expire (consent could be ongoing or one-off). For examples of what names should be displayed, please refer to Consent Dashboard & Revocation, Examples. 4 CEG Checklist Requirements 4IAISPs must present a high level summary of the data that is being requested and make it clear that this data and the purpose for which it will be used are the same as when originally requested. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below) . AISPs must ensure that this request is specific to only the information required for the provision of their account information service to the PSU. AISPs should only present those data clusters relevant for the product type in question. Where the request is for multiple product types then the detail shown in the data cluster should explain to the customer the product type to which it applies or state that it is shared across multiple product types. If the customer facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. 5 CEG Checklist Requirements 5ASPSPs must not replay the data requested (as a default) or seek re-confirmation of consent. 6 CX Considerations 6As part of the authentication journey, the ASPSP could have a call to action, for example, to an expandable section that the PSU can click on for information purposes only. If the ASPSP provides this option for the PSU as supplementary information, it will enable the PSU to view the data they have chosen to share with the AISP. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below). If the customer facing entity is acting as an agent for the AISP and this information is made available to the ASPSP, the ASPSP should make the PSU aware that the agent is acting on behalf of the AISP. This can be presented to the PSU by displaying both the agent’s name and the regulated AISP name as: The information will be shared with , who is acting on behalf of 7 CEG Checklist Requirements 7AISPs should confirm the successful completion of the account information request to the PSU. Select to scroll left Select to scroll right
CEG Checklist Requirements & CX Considerations 1 AISPs should alert the PSU when authentication needs to be performed to refresh AISP access. 16 2 AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. If the customer-facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. The customer-facing entity must also display the AISP’s full trading name. This can be presented to the PSU by displaying both the agent’s name and the regulated AISP name as: For you to use this service, <Agent company name> acting on behalf of <TPP Trading Name> need to access information from your accounts at YOUR ASPSP. Example above is where there is no Agent and the AISP is trading with its registered company name. 3 AISPs must display the company’s trading name/brand name (i.e. the Client Name) to the PSU during the setup and revocation of consent. If the AISP is only trading with its registered company name then it must display that name to the PSU. If the AISP is not the customer-facing entity and there is an Agent who is acting on behalf of the AISP, then the Agent must make the PSU aware that they are acting as an agent on behalf of the AISP and must also, display the AISP’s full trading name/brand name or registered company name whichever is the customer-facing brand of the AISP. AISPs must also, populate the Agent company name in the ‘On behalf of’ field of the software statement, in order to inform the ASPSP about the agency relationship and allow the ASPSP to be able to display this information to the PSU (please refer to item #5). Only in instances where there is an Agent acting on behalf of the AISP, the ‘On Behalf of’ name must be displayed to the PSU. AISPs must not populate the ‘ On behalf of’ field with the details of their TSP. The customer-facing entity must provide PSUs with sufficient information to enable them to make an informed decision. For example, detail the purpose for which the data will be used (including whether any other parties will have access to the information), the period over which it has been requested and when the consent for the account information will expire (consent could be ongoing or one-off). For examples of what names should be displayed, please refer to Consent Dashboard & Revocation, Examples. 8 4 AISPs must present a high-level summary of the data that is being requested and make it clear that this data and the purpose for which it will be used are the same as when originally requested. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below). AISPs must ensure that this request is specific to only the information required for the provision of their account information service to the PSU. AISPs should only present those data clusters relevant to the product type in question. Where the request is for multiple product types then the detail shown in the data cluster should explain to the customer the product type to which it applies or state that it is shared across multiple product types. 13b 5 ASPSPs must not replay the data requested (as a default) or seek re-confirmation of consent. 2 6 As part of the authentication journey, the ASPSP could have a call to action, for example, to an expandable section that the PSU can click on for information purposes only. If the ASPSP provides this option for the PSU as supplementary information, it will enable the PSU to view the data they have chosen to share with the AISP. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below). ASPSPs must display the TPPs’ trading name/brand name (i.e. the Client Name in the software statement) to the PSU during authentication screens and on any Access Dashboards. They do not need to display the registered company name of the TPP even if it is different. If there is an Agent acting on behalf of the TPP, ASPSPs must also display the Agent company name (as captured in the ‘On behalf of’ field of the software statement) to the PSU. (Please note that ASPSPs can show the Agency/On Behalf field only in cases where this information has been provided by AISPs). For examples of what names should be displayed, please refer to AIS Access Dashboard & Revocation, Examples. 7 AISPs should confirm the successful completion of the account information request to the PSU. 18
Account Information Consent Previous Related articles Please select API specifications Account Access Consents Security & Access Control Consent Re-authentication Consent Dashboard & Revocation Next