Authentication Methods

Decoupled Model A: Static PSU identifier

Published 01 Mar 2019

PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is passed to ASPSP to identify the PSU

User Journey

A decoupled authentication flow, where the PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is used by the ASPSP to notify the PSU, such that the PSU can authenticate using the ASPSP app on a separate device.

This enables the PSU to use the same app-based authentication method with the ASPSP that they use when accessing the ASPSP mobile app directly.

This model is best suited to TPP apps with good user input options (e.g. a website on a PC/laptop), but also to cases where POS terminals can scan debit card numbers and automatically resolve the ASPSP, if these are used as customer identifiers.

The exact type of identifier supported by the ASPSP must be published by the ASPSP.

Wireframes

To demonstrate a Model A based decoupled journey, we have used one variation of the PIS journey (Sec Single Domestic Payments – a/c selection @ PISP) as an example, where the ASPSP receives all the details of the payment order from the TPP.

This flow applies to other variations of PIS journeys covered in detail under Section Payment Initiation Services (PIS), AISP journeys covered under Section Account Information Services (AIS) and CBPII journeys covered under Section Card Based Payment Instrument Issuers (CBPIIs).

Requirements and Considerations

CEG Checklist Requirements & CX Considerations

1

PSU payment Account Selection

PISPs must provide PSUs at least one of the following options:

  • Enter their Payer’s payment Account Identification details.
  • Select their Account Identification details (this assumes they have been saved previously). 

CEG Checklist Reference: 24

PISPs should present the PSU with the authentication options supported by the ASPSP which in turn can be supported by the TPP device/channel (e.g. a TPP kiosk that can only support authentication by ASPSP mobile app).

If PISPs and ASPSPs support Model A, then the TPP should request from the PSU the identifier which is supported by their ASPSP.

The PISP should make the PSU aware about how this identifier will be used.

5

After the PSU enters the specified identifier, if the PSU has an ASPSP app then the ASPSP must notify the PSU through the ASPSP app for authentication purposes, without introducing any additional screens. The notification must clearly mention the payment request with the amount and the payee.

CEG Checklist Reference: 1, 28

6

The ASPSP app based authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP mobile app (biometric, passcode, credentials).

CEG Checklist Reference: 1

If the PSU is logged off from the ASPSP app, the ASPSP must make the PSU aware that they have been logged off and notify them to check back on the originating TPP app.

8

The PISP must confirm successful confirmation of payment initiation.

CEG Checklist Reference: 26
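
An added example, not part of the original guidelines: a minimal Python model of the ASPSP side of the Model A journey, in which the TPP supplies only the static identifier and the payment order, while the notification text and the approval stay inside the ASPSP app. The class, method names, status strings and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class PaymentOrder:
    amount: Decimal
    currency: str
    payee: str

class Aspsp:
    """Hypothetical ASPSP back end for the Model A journey (names are assumptions)."""

    def __init__(self, identifier_to_psu):
        self.identifier_to_psu = identifier_to_psu  # static identifier -> PSU
        self.pending = {}    # request_id -> (psu, order, status)
        self.app_inbox = []  # (psu, request_id, text) shown in the ASPSP app

    def start(self, request_id, static_identifier, order):
        """TPP passes the PSU's static identifier plus the payment order."""
        psu = self.identifier_to_psu.get(static_identifier)
        if psu is None:
            return "rejected"  # no PSU resolved, so nothing is sent to any app
        self.pending[request_id] = (psu, order, "pending")
        # Text is built from the order the ASPSP received, so the PSU sees
        # the amount and payee that will actually be paid.
        text = f"Payment request: {order.amount} {order.currency} to {order.payee}"
        self.app_inbox.append((psu, request_id, text))
        return "pending"

    def app_decision(self, request_id, authenticated_psu, approve):
        """Called by the ASPSP app after its usual biometric/passcode step."""
        psu, order, status = self.pending[request_id]
        if status != "pending" or authenticated_psu != psu:
            return status  # wrong PSU or repeated decision: state unchanged
        status = "authorised" if approve else "rejected"
        self.pending[request_id] = (psu, order, status)
        return status

    def status(self, request_id):
        """What the TPP learns: only the outcome, never PSU credentials."""
        return self.pending[request_id][2]

def demo():
    # Constructed sample data: identifier, PSU names and payee are made up.
    aspsp = Aspsp({"CUST-0001": "psu-alice"})
    order = PaymentOrder(Decimal("31.94"), "GBP", "Example Merchant Ltd")
    aspsp.start("req-1", "CUST-0001", order)
    aspsp.app_decision("req-1", "psu-mallory", approve=True)  # ignored
    aspsp.app_decision("req-1", "psu-alice", approve=True)
    return aspsp.app_inbox[0][2], aspsp.status("req-1")
```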

What the research says

“Research shows that consumers are familiar with decoupled authentication when making a payment or setting up a new payment. This means that, if PIS journey designs follow similar patterns, consumers will be comfortable with them. Many welcome the additional level of security decoupled authentication provides.”  
