Account Information Services

AIS Access Dashboard & Revocation

This version is:

Published 6 years ago 01 Mar 2019

User Journey ASPSPs must provide PSUs with a facility to view and revoke on-going…

Other pages in this section

User Journey

ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed.

Wireframes

This content is best viewed on a desktop browser.

CX Considerations 1
AISPs must describe the data being shared through each consent using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below) and ensure this request is specific to the only the information required for the provision of their account information service to the PSU. AISPs should present the data at a Data Cluster level and allow the PSU to expand the level of detail to show each Data Permission. The Consent Dashboard should also describe: The purpose of the data request (including whether any other parties will have access to the information). Where the request is for multiple product types, the detail should explain to the customer the product type to which it applies or state that it is shared across multiple product types. The period for which the transaction data has been requested. When the TPP’s access to the data will expire. The date the consent was granted. If the customer-facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. “Agent” means a person or entity who acts on behalf of an authorised payment institution or a small payment institution in the provision of payment services including account information services.

CEG Checklist Requirements 2
ASPSPs must describe the data being accessed using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below). ASPSPs should present the data at a Data Cluster level and allow the PSU to expand the level of detail to show each Data Permission. The Access Dashboard should also describe: The status of the authorisation e.g. Active/Inactive. When the AISP’s access to the account(s) will expire. The date the authorisation was granted. The access dashboard must allow a PSU to view or cancel the access they have given consent to. These 2 functions should be given equal prominence when offered to the PSU.

CX Considerations 3
ASPSPs should advise PSUs that they should contact the associated AISP to inform them of the cancellation of access and/or understand the consequences of doing so.

Requirements and Considerations

If the customer-facing entity is acting on behalf of an AISP as its agent, the PSU should be made aware that the agent is acting on behalf of the AISP.

This can be presented to the PSU by displaying both the agent’s name and the regulated AISP name in the list of providers, where applicable.

“Agent” means a person or entity who acts on behalf of an authorised payment institution or a small payment institution in the provision of payment services including account information services.

ASPSPs must describe the data being accessed using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below).

ASPSPs should present the data at a Data Cluster level and allow the PSU to expand the level of detail to show each Data Permission.

The Access Dashboard should also describe:

The status of the authorisation e.g. Active/Inactive.
When the AISP’s access to the account(s) will expire.
The date the authorisation was granted.

The access dashboard must allow a PSU to view or cancel the access they have given consent to. These 2 functions should be given equal prominence when offered to the PSU.

13a 10

ASPSPs should advise PSUs that they should contact the associated AISP to inform them of the cancellation of access and/or understand the consequences of doing so.

Consent Dashboard & Revocation Previous

Access Status notifications by ASPSPs Next

What the research says
“Consumer research has shown that people feel most confident that a revocation has been actioned, when it is has taken place with an ASPSP. Their perception is that they are ‘stopping’ the information at ‘source’ rather than instructing a TPP not to ‘take’ the information.”
Click for customer research

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How can we help?