One of the primary ambitions of these guidelines is to provide simplification and consistency throughout each stage of the Open Banking implementation. As such, we have defined a core set of AIS journeys to illustrate the roles played by each of the Participants in the Open Banking ecosystem.
Other pages in this section Get Started Authentication Methods Account Information Services Payment Initiation Services Card Based Payment Instrument Issuers (CBPIIs) Checklist Appendices Change Log
Featured journeys Account Information Consent User Journey In this journey the AISP presents to the PSU a description of the data that it requires in order to support its service proposition.PSU selects the ASPSP(s) where their payment account(s) is held. The PSU is then directed to the domain of its ASPSP for authentication and to select the account(s)… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021 Refreshing AISP access User Journey The PSRs require strong customer authentication to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10). However, this will… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021 Consent Dashboard & Revocation User Journey AISPs must provide PSUs with a facility to view and revoke on-going consents that they have given to that AISP. They may have consented to share data from several ASPSPs with a single AISP. This section describes how these consents should be displayed and how the customer journey to revoke them should… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021 AIS Access Dashboard & Revocation User Journey ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed. Wireframes Examples What the… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021 Access Status Notifications by ASPSPs In addition to the mandatory notifications between AISPs and ASPSPs (refer to section Mandatory notification mechanisms between AISPs and ASPSPs), OB Standards have been extended to provide additional notification mechanisms. View journey This version was published 3 Years & 8 Months ago 31 Mar 2021 AIS Access for PSUs from Corporate Entities User Journey PSUs, with delegated user authority on behalf of corporates who are authorised to receive corporate account information via AISPs, will be able to provide consent to the AISPs using the standard AIS journey shown in section Account Information Consent. In this journey the AISP presents to the PSU a description of the… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021 90-Days Re-authentication User Journey The PSRs require Strong Customer Authentication (SCA) to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10), however, this… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021 Permissions & Data Clusters for AIS journeys Permissions In the Open Banking API design, data elements are logically grouped together into “permissions”. It is at this level that AISPs request data access. If they request access to a specific permission they will have access to all the data elements in the permission. This provides a pragmatic approach, allowing AISPs to be selective… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
Account Information Consent User Journey In this journey the AISP presents to the PSU a description of the data that it requires in order to support its service proposition.PSU selects the ASPSP(s) where their payment account(s) is held. The PSU is then directed to the domain of its ASPSP for authentication and to select the account(s)… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
Refreshing AISP access User Journey The PSRs require strong customer authentication to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10). However, this will… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
Consent Dashboard & Revocation User Journey AISPs must provide PSUs with a facility to view and revoke on-going consents that they have given to that AISP. They may have consented to share data from several ASPSPs with a single AISP. This section describes how these consents should be displayed and how the customer journey to revoke them should… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
AIS Access Dashboard & Revocation User Journey ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed. Wireframes Examples What the… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
Access Status Notifications by ASPSPs In addition to the mandatory notifications between AISPs and ASPSPs (refer to section Mandatory notification mechanisms between AISPs and ASPSPs), OB Standards have been extended to provide additional notification mechanisms. View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
AIS Access for PSUs from Corporate Entities User Journey PSUs, with delegated user authority on behalf of corporates who are authorised to receive corporate account information via AISPs, will be able to provide consent to the AISPs using the standard AIS journey shown in section Account Information Consent. In this journey the AISP presents to the PSU a description of the… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
90-Days Re-authentication User Journey The PSRs require Strong Customer Authentication (SCA) to be performed each time the PSU accesses its online payment account, either directly or using the services of an AISP. The frequency of authentication can be reduced if an ASPSP applies the exemption relevant to account information access (RTS, Article 10), however, this… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021
Permissions & Data Clusters for AIS journeys Permissions In the Open Banking API design, data elements are logically grouped together into “permissions”. It is at this level that AISPs request data access. If they request access to a specific permission they will have access to all the data elements in the permission. This provides a pragmatic approach, allowing AISPs to be selective… View journey This version was published 3 Years & 8 Months ago 31 Mar 2021