Other pages in this section Permissions & Data Clusters for AIS journeys Account Information Consent Refreshing AISP access 90-Days Re-authentication Consent Dashboard & Revocation AIS Access Dashboard & Revocation Access Status Notifications by ASPSPs AIS Access for PSUs from Corporate Entities
This content is best viewed on a desktop browser. 1 CEG Checklist Requirements 1AISPs should alert the PSU when authentication needs to be performed to refresh AISP access. 2 CX Considerations 2AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. 3 CEG Checklist Requirements 3IAISPs must present a high level summary of the data that is being requested and make it clear that this data and the purpose for which it will be used are the same as when originally requested. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below) . AISPs must ensure that this request is specific to only the information required for the provision of their account information service to the PSU. AISPs should only present those data clusters relevant for the product type in question. Where the request is for multiple product types then the detail shown in the data cluster should explain to the customer the product type to which it applies or state that it is shared across multiple product types. If the customer facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. 4 CEG Checklist Requirements 4ASPSPs must not replay the data requested (as a default) or seek re-confirmation of consent. 5 CX Considerations 5As part of the authentication journey, the ASPSP could have a call to action, for example, to an expandable section that the PSU can click on for information purposes only. If the ASPSP provides this option for the PSU as supplementary information, it will enable the PSU to view the data they have chosen to share with the AISP. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below). If the customer facing entity is acting as an agent for the AISP and this information is made available to the ASPSP, the ASPSP should make the PSU aware that the agent is acting on behalf of the AISP. This can be presented to the PSU by displaying both the agent’s name and the regulated AISP name as: The information will be shared with , who is acting on behalf of 6 CEG Checklist Requirements 6AISPs should confirm the successful completion of the account information request to the PSU. Select to scroll left Select to scroll right
CEG Checklist Requirements & CX Considerations 1 AISPs should alert the PSU when authentication needs to be performed to refresh AISP access. 16 2 AISPs should make it clear that the PSU is being asked to authenticate to extend the AISP access to their account data and that no other element of the consent (e.g. the data permissions required, the purpose for which it will be used etc.) will change. 3 AISPs must present a high level summary of the data that is being requested and make it clear that this data and the purpose for which it will be used are the same as when originally requested. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below) . AISPs must ensure that this request is specific to only the information required for the provision of their account information service to the PSU. AISPs should only present those data clusters relevant for the product type in question. Where the request is for multiple product types then the detail shown in the data cluster should explain to the customer the product type to which it applies or state that it is shared across multiple product types. If the customer facing entity is acting on behalf of an AISP as its agent, the PSU must be made aware that the agent is acting on behalf of the AISP. 13b 4 ASPSPs must not replay the data requested (as a default) or seek re-confirmation of consent. 2 5 As part of the authentication journey, the ASPSP could have a call to action, for example, to an expandable section that the PSU can click on for information purposes only. If the ASPSP provides this option for the PSU as supplementary information, it will enable the PSU to view the data they have chosen to share with the AISP. This should be done using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below). If the customer facing entity is acting as an agent for the AISP and this information is made available to the ASPSP, the ASPSP should make the PSU aware that the agent is acting on behalf of the AISP. This can be presented to the PSU by displaying both the agent’s name and the regulated AISP name as: The information will be shared with <agent>, who is acting on behalf of <AISP> 6 AISPs should confirm the successful completion of the account information request to the PSU. 18
Account Information Consent Previous Related articles Please select API specifications Account Access Consents Security & Access Control Consent Re-authentication 90-Days Re-authentication Next