One of the primary ambitions of these guidelines is to provide simplification and consistency throughout each stage of the Open Banking implementation. As such, we have defined a core set of AIS journeys to illustrate the roles played by each of the Participants in the Open Banking ecosystem.
Other pages in this section Get Started Authentication Methods Account Information Services Payment Initiation Services Card Based Payment Instrument Issuers (CBPIIs) Checklist Appendices Change Log
Featured journeys Account Information Consent PSU selects the ASPSP(s) where their payment account(s) is held. The PSU is then directed to the domain of its ASPSP for authentication and to select the account(s) they want to give access to. Once the PSU has been authenticated, their ASPSP will be able to respond to the AISP's request by providing the account information that has been requested. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020 Refreshing AISP access The customer journey when a PSU needs to refresh AISP access, so the AISP can continue to provide the service previously consented to by authenticating again at their ASPSP. All other elements of the consent (data permissions required, purpose for which the data will be used, transaction history period and consent expiration date) remain unchanged. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020 Consent Dashboard & Revocation AISPs must provide PSUs with a facility to view and revoke on-going consents that they have given to that AISP. They may have consented to share data from several ASPSPs with a single AISP. This section describes how these consents should be displayed and how the customer journey to revoke them should be constructed. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020 AIS Access Dashboard & Revocation User Journey ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed. Wireframes Examples … View journey This version was published 4 Years & 6 Months ago 25 Jun 2020 Access Status Notifications by ASPSPs User Journey In addition to the mandatory notifications between AISPs and ASPSPs (refer to section Mandatory notification mechanisms between AISPs and ASPSPs), OB Standards have been extended to provide the following additional notification mechanisms: A. Real Time / Push Notifications: Functionality to enable ASPSPs to notify AISPs in real time (i.e. immediately) when a PSU revokes their access… View journey This version was published 4 Years & 6 Months ago 25 Jun 2020 AIS Access for PSUs from Corporate Entities User Journey PSUs, with delegated user authority on behalf of corporates who are authorised to receive corporate account information via AISPs, will be able to provide consent to the AISPs using the standard AIS journey shown in section Account Information Consent. In this journey the AISP presents to the PSU a description of… View journey This version was published 4 Years & 6 Months ago 25 Jun 2020 90-Days Re-authentication User Journey The PSRs require Strong Customer Authentication (SCA) to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10), however, this… View journey This version was published 4 Years & 6 Months ago 25 Jun 2020 Permissions & Data Clusters for AIS journeys In the Open Banking API design, data elements are logically grouped together into "permissions". It is at this level that AISPs request data access. If they request access to a specific permission they will have access to all the data elements in the permission. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
Account Information Consent PSU selects the ASPSP(s) where their payment account(s) is held. The PSU is then directed to the domain of its ASPSP for authentication and to select the account(s) they want to give access to. Once the PSU has been authenticated, their ASPSP will be able to respond to the AISP's request by providing the account information that has been requested. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
Refreshing AISP access The customer journey when a PSU needs to refresh AISP access, so the AISP can continue to provide the service previously consented to by authenticating again at their ASPSP. All other elements of the consent (data permissions required, purpose for which the data will be used, transaction history period and consent expiration date) remain unchanged. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
Consent Dashboard & Revocation AISPs must provide PSUs with a facility to view and revoke on-going consents that they have given to that AISP. They may have consented to share data from several ASPSPs with a single AISP. This section describes how these consents should be displayed and how the customer journey to revoke them should be constructed. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
AIS Access Dashboard & Revocation User Journey ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed. Wireframes Examples … View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
Access Status Notifications by ASPSPs User Journey In addition to the mandatory notifications between AISPs and ASPSPs (refer to section Mandatory notification mechanisms between AISPs and ASPSPs), OB Standards have been extended to provide the following additional notification mechanisms: A. Real Time / Push Notifications: Functionality to enable ASPSPs to notify AISPs in real time (i.e. immediately) when a PSU revokes their access… View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
AIS Access for PSUs from Corporate Entities User Journey PSUs, with delegated user authority on behalf of corporates who are authorised to receive corporate account information via AISPs, will be able to provide consent to the AISPs using the standard AIS journey shown in section Account Information Consent. In this journey the AISP presents to the PSU a description of… View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
90-Days Re-authentication User Journey The PSRs require Strong Customer Authentication (SCA) to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10), however, this… View journey This version was published 4 Years & 6 Months ago 25 Jun 2020
Permissions & Data Clusters for AIS journeys In the Open Banking API design, data elements are logically grouped together into "permissions". It is at this level that AISPs request data access. If they request access to a specific permission they will have access to all the data elements in the permission. View journey This version was published 4 Years & 6 Months ago 25 Jun 2020