Other pages in this section Account Information Consent Refreshing AISP access Consent Dashboard & Revocation AIS Access Dashboard & Revocation Access Status Notifications by ASPSPs AIS Access for PSUs from Corporate Entities 90-Days Re-authentication Permissions & Data Clusters for AIS journeys
This content is best viewed on a desktop browser. 1 CEG Checklist 1AISPs must alert the PSU when authentication needs to be performed to refresh AISP access. Note: AISP may notify the PSU (in session or outside e.g via SMS or push notification) in advance and the advance period can be left in the AISPs competitive space. 2 CX Considerations 2AISPs should allow the PSU to select all the payment accounts across ASPSPs that may or may not be due for access refresh. 3 CX Checklist 3AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. If the customer-facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. 4 CEG Considerations 4AISPs must also allow the PSU to confirm their request after selecting the accounts. 5 CEG Checklist 5AISPs must also allow the PSU to confirm their request after selecting the accounts. 6 CEG Checklist 6AISPs must ask the PSU to undergo SCA with the AISP provided credentials as agreed with the ASPSPs. 7 CEG Checklist 7AISPs must provide confirmation to the PSU that authentication has been successfully completed and access has been refreshed. Note: AISP may do an a-synchronised call to each ASPSP after the PSU has confirmed their request and successfully authenticated to continue access. The AISP should notify the PSU with an appropriate message that access to the respective account(s) will be refreshed with their ASPSP(s). Select to scroll left Select to scroll right
CEG Checklist Requirements & CX Considerations 1 AISPs must alert the PSU when authentication needs to be performed to refresh AISP access. Note: AISP may notify the PSU (in session or outside e.g via SMS or push notification) in advance and the advance period can be left in the AISPs competitive space. 16 2 AISPs should allow the PSU to select all the payment accounts across ASPSPs that may or may not be due for access refresh. 3 AISPs must display the company’s trading name/brand name (i.e. the Client Name) to the PSU during the setup and revocation of consent. If the AISP is only trading with its registered company name then it must display that name to the PSU. If the AISP is not the customer-facing entity and there is an Agent who is acting on behalf of the AISP, then the Agent must make the PSU aware that they are acting as an agent on behalf of the AISP and must also, display the AISP’s full trading name/brand name or registered company name whichever is the customer-facing brand of the AISP. AISPs must also, populate the Agent company name in the ‘On behalf of’ field of the software statement, in order to inform the ASPSP about the agency relationship and allow the ASPSP to be able to display this information to the PSU. Only in instances where there is an Agent acting on behalf of the AISP, the ‘On Behalf of’ name must be displayed to the PSU. AISPs must not populate the ‘ On behalf of’ field with the details of their TSP. The customer-facing entity must provide PSUs with sufficient information to enable them to make an informed decision. For example, detail the purpose for which the data will be used (including whether any other parties will have access to the information), the period over which it has been requested and when the consent for the account information will expire (consent could be ongoing or one-off). For examples of what names should be displayed, please refer to Consent Dashboard & Revocation, Examples. 8 4 AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. 5 AISPs must also allow the PSU to confirm their request after selecting the accounts. 17a 6 AISPs must ask the PSU to undergo SCA with the AISP provided credentials as agreed with the ASPSPs. 17b 7 AISPs must provide confirmation to the PSU that authentication has been successfully completed and access has been refreshed. Note: AISP may do an a-synchronised call to each ASPSP after the PSU has confirmed their request and successfully authenticated to continue access. The AISP should notify the PSU with an appropriate message that access to the respective account(s) will be refreshed with their ASPSP(s). 18a
AIS Access for PSUs from Corporate Entities Previous Related articles Please select API specifications Account Access Consents Security & Access Control Consent Re-authentication (AIS) Consent Re-authentication (General) Permissions & Data Clusters for AIS journeys Next