AIS Access Dashboard & Revocation

User Journey

ASPSPs must provide PSUs with a facility to view and revoke on-going access that they have given to any AISP for each account held at that ASPSP. This section describes how AISP’s access should be displayed and how the customer journey to revoke them should be constructed.

Wireframes

CX Considerations 1

ASPSPs must display the TPPs' trading name/brand name (i.e. the Client Name in the software statement) to the PSU during authentication screens and on any Access Dashboards. They do not need to display the registered company name of the TPP even if it is different. If there is an Agent acting on behalf of the TPP, ASPSPs must also, display the Agent company name (as captured in the 'On behalf of' field of the software statement) to the PSU. (Please note that ASPSPs can only show the Agency/On Behalf field in cases where this information has been provided by AISPs). For examples of what names should be displayed, please refer to below table Examples. You may also refer to FAQs on Which name must TPPs display to the PSU.

CX Considerations 2

ASPSPs should offer a functionality ( e.g. search, sort, filter) to enable a PSU to search for the relevant access. This will be of particular benefit as the number of consents given by a PSU to TPPs increases.

CEG Checklist Requirements 3

ASPSPs must describe the data being accessed using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below). ASPSPs should present the data at a Data Cluster level and allow the PSU to expand the level of detail to show each Data Permission. The Access Dashboard should also, describe: The status of the access e.g. Active/Inactive. When the AISP's access to the account(s) will expire, if available. The date the authorisation was granted. And may include the date of last access. ASPSPs must make available on all channels an access dashboard which allows PSUs to view access which has been previously granted. It must be easy and intuitive for PSUs to find and use.

CX Considerations 4

ASPSPs should make the status of TPP access clear by the use of emboldened words. The ASPSP should also make it clear, which party provided the AISP access, in the case of joint/ multiple account holders.

CEG Checklist Requirements 5

ASPSPs must advise PSUs that they should contact the associated AISP to inform them of the cancellation of access and/or understand the consequences of doing so.

CEG Checklist Requirements 5

ASPSPs must advise PSUs that they should contact the associated AISP to inform them of the cancellation of access and/or understand the consequences of doing so.

TPP Trading Name

A trading name is a name (or names) used by a person, partnership or company for carrying out business, which is not the same as their own name or official registered name. The trading name is the customer-facing entity name of the company or the name of a brand or product owned by the company and should be registered with the FCA.

TPP Registered Company Name

A company name is the registered legal entity name of the business. This is also referred to as the Organisation Name or Business Name and is usually the name that will appear on the relevant NCA register, as well as, the eIDAS certificate.

TPP Agent Company Name

An agent means a person or entity who acts on behalf of an authorised payment institution or a small payment institution in the provision of payment service. Agents are registered with the FCA under their principal’s entry.

CEG Checklist Requirements & CX Considerations

ASPSPs must display the TPPs’ trading name/brand name (i.e. the Client Name in the software statement) to the PSU during authentication screens and on any Access Dashboards. They do not need to display the registered company name of the TPP even if it is different.

If there is an Agent acting on behalf of the TPP, ASPSPs must also, display the Agent company name (as captured in the ‘On behalf of’ field of the software statement) to the PSU. (Please note that ASPSPs can only show the Agency/On Behalf field in cases where this information has been provided by AISPs).

For examples of what names should be displayed, please refer to below table Examples.

You may also refer to FAQs on Which name must TPPs display to the PSU.

ASPSPs should offer a functionality ( e.g. search, sort, filter) to enable a PSU to search for the relevant access. This will be of particular benefit as the number of consents given by a PSU to TPPs increases.

ASPSPs must describe the data being accessed using the structure and language recommended by OBIE following customer research (see Data Cluster Structure & Language below).

ASPSPs should present the data at a Data Cluster level and allow the PSU to expand the level of detail to show each Data Permission.

The Access Dashboard should also describe:

  • The status of the access e.g. Active/Inactive.
  • When the AISP’s access to the account(s) will expire, if available.
  • The date the authorisation was granted.

And may include the date of last access.

ASPSPs must make available on all digital channels an access dashboard which allows PSUs to view access which has been previously granted and it must be easy and intuitive for PSUs to find and use.

13a 10a
ASPSPs should make the status of TPP access clear by the use of emboldened words. The ASPSP should also make it clear, which party provided the AISP access, in the case of joint/ multiple account holders.
The access dashboard must allow a PSU to view or cancel the access they have given consent to. These functions “cancel access” and “back” should be given equal prominence when offered to the PSU. ASPSPs must advise PSUs that they should contact the associated AISP to inform them of the cancellation of access and/or understand the consequences of doing so.
10c

Examples

Customer-facing entity name /Trading Name (Client Name in Software Statement)Registered Legal Entity Name (Company Name/ Organisation Name)‘On Behalf of’ Name (‘On Behalf of’ field in Software Statement)What to display
ABC TradesABC Company LtdABC Trades
ABC Company LtdABC Company LtdABC Company Ltd
ABC Company LtdABC Company LtdOBO LtdOBO Ltd on behalf of ABC Company Ltd
ABC TradesABC Company LtdOBO LtdOBO Ltd on behalf of ABC Trades

What the research says

“Consumer research has shown that people feel most confident that a revocation has been actioned, when it is has taken place with an ASPSP. Their perception is that they are ‘stopping’ the information at ‘source’ rather than instructing a TPP not to ‘take’ the information.” Click for Customer Research