PSU authentication with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the AISP service.
Other pages in this section Browser Based Redirection / AIS Browser Based Redirection / PIS App Based Redirection / AIS App Based Redirection / PIS App-to-browser redirection Redirection with TPP Generated QR code Decoupled Model A: Static PSU Identifier Decoupled Model B: ASPSP Generated Identifier Decoupled Model C: TPP Generated Identifier Decoupled Model D: PSU with a TPP Account ASPSP applies an available exemption Using an Available Exemption with a Customer Identifier
This content is best viewed on a desktop browser. 1 CEG Checklist Requirements 1AISPs must initially ask PSU to identify ASPSP so that the consent request can be constructed in line with the ASPSP’s data cluster capabilities. 2 CX Considerations 2AISPs should make the PSU aware on the inbound redirection screen that they will be taken to their ASPSP for authentication for account access. 3 CEG Checklist Requirements 3If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens. The ASPSP app based authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP mobile app(biometric, passcode, credentials) and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels. 4 CEG Checklist Requirements 4After authentication the PSU must be deep linked within the app to confirm the account(s) which they would like the AISP to have access to without having to go through any further mandatory screens. For details on deep linking see Appendix 7.3. 5 CX Considerations 5ASPSPs should have an outbound redirection screen which indicates the status of the request and informing the PSU that they will be automatically taken back to the AISP. 6 CX Considerations 6ASPSPs should inform the PSU on the outbound redirection screen that their session with the ASPSP is closed. 7 CEG Checklist Requirements 7AISPs should confirm the successful completion of the account information request. Select to scroll left Select to scroll right
CEG Checklist Requirements & CX Considerations CEG Checklist Reference 1 AISPs must initially ask PSU to identify ASPSP so that the consent request can be constructed in line with the ASPSP’s data cluster capabilities. 8 2 AISPs should make the PSU aware on the inbound redirection screen that they will be taken to their ASPSP for authentication for account access. 3 If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens. The ASPSP app based authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP mobile app (biometric, passcode, credentials) and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels 1 4 After authentication the PSU must be deep linked within the app to confirm the account(s) which they would like the AISP to have access to without having to go through any further mandatory screens. For details on deep linking see Appendix Deep Linking for App-to-App redirection. 1 5 ASPSPs should have an outbound redirection screen which indicates the status of the request and informing the PSU that they will be automatically taken back to the AISP. 6 ASPSPs should inform the PSU on the outbound redirection screen that their session with the ASPSP is closed. 7 AISPs should confirm the successful completion of the account information request. 18
Browser Based Redirection / PIS Previous Related articles Please select API specifications App Based Redirection / PIS Next