Other pages in this section Permissions & Data Clusters for AIS journeys Account Information Consent Refreshing AISP access 90-Days Re-authentication Consent Dashboard & Revocation AIS Access Dashboard & Revocation Access Status Notifications by ASPSPs AIS Access for PSUs from Corporate Entities
This content is best viewed on a desktop browser. 1 CEG Checklist 1AISPs should alert the PSU when authentication needs to be performed to refresh AISP access. Note: AISP may notify the PSU (in session or outside e.g via SMS or push notification) in advance and the advance period can be left in the AISPs competitive space. 2 CX Considerations 2AISPs must allow the PSU to select all the payment accounts across ASPSPs that may or may not be due for access refresh. 3 CX Considerations 3AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. If the customer-facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. 4 CEG Checklist 4AISPs must also allow the PSU to confirm their request after selecting the accounts. 5 CEG Checklist 5AISPs must ask the PSU to undergo SCA with the AISP provided credentials as agreed with the ASPSPs. 6 CEG Checklist 6AISPs should provide confirmation to the PSU that authentication has been successfully completed and access has been refreshed. Note: AISP may do an a-synchronised call to each ASPSP after the PSU has confirmed their request and successfully authenticated to continue access. The AISP should notify the PSU with an appropriate message that access to the respective account(s) will be refreshed with their ASPSP(s). Select to scroll left Select to scroll right
CEG Checklist Requirements & CX Considerations 1 AISPs should alert the PSU when authentication needs to be performed to refresh AISP access. Note: AISP may notify the PSU (in session or outside e.g via SMS or push notification) in advance and the advance period can be left in the AISPs competitive space. 16 2 AISPs must allow the PSU to select all the payment accounts across ASPSPs that may or may not be due for access refresh. 3 AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. If the customer facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. 4 AISPs must also allow the PSU to confirm their request after selecting the accounts. 17a 5 AISPs must ask the PSU to undergo SCA with the AISP provided credentials as agreed with the ASPSPs. 17b 6 AISPs should provide confirmation to the PSU that authentication has been successfully completed and access has been refreshed. Note: AISP may do an a-synchronised call to each ASPSP after the PSU has confirmed their request and successfully authenticated to continue access. The AISP should notify the PSU with an appropriate message that access to the respective account(s) will be refreshed with their ASPSP(s). 18a
Refreshing AISP access Previous Related articles Please select API specifications Account Access Consents Security & Access Control Consent Re-authentication (AIS) Consent Re-authentication (General) Consent Dashboard & Revocation Next