Authentication Methods

App Based Redirection – AIS

This version is:

Published 3 years ago 21 Oct 2021

PSU authentication with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the AISP service. This enables the PSU to authenticate with the ASPSP while using an AISP for an AIS service using the same ASPSP app based authentication method which they use when accessing the ASPSP mobile channel directly.

Other pages in this section

User Journey

Main content image

PSU authentication with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the AISP service.

This enables the PSU to authenticate with the ASPSP while using an AISP for an AIS service using the same ASPSP app based authentication method which they use when accessing the ASPSP mobile channel directly.

AISP service could be web based or app based. The redirection must directly invoke the ASPSP app to enable the PSU to authenticate and must not require the PSU to provide any PSU identifier or other credentials to the AISP.

Wireframes

To demonstrate an app based redirection part of the journey, we have used the AISP initial setup (Sec Account Information Consent) as one example.

The app based redirection flow applies to other AIS journeys covered in detail under section Account Information Services (AIS).

 

This content is best viewed on a desktop browser.

1

CEG Checklist Requirements 1
AISPs must initially ask PSU to identify ASPSP so that the consent request can be constructed in line with the ASPSP’s data cluster capabilities.

3

CEG Checklist Requirements 3
If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens. The ASPSP app based authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP mobile app(biometric, passcode, credentials) and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels.

4

CEG Checklist Requirements 4
After authentication the PSU must be deep linked within the app to confirm the account(s) which they would like the AISP to have access to without having to go through any further mandatory screens. For details on deep linking see Appendix 7.3.

7

CEG Checklist Requirements 7
AISPs should confirm the successful completion of the account information request.

CEG Checklist Requirements & CX Considerations

1

AISPs must initially ask PSU to identify ASPSP so that the consent request can be constructed in line with the ASPSP’s data cluster capabilities.

8

AISPs should make the PSU aware on the inbound redirection screen that they will be taken to their ASPSP for authentication for account access.

3

If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens. The ASPSP app based authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP mobile app (biometric, passcode, credentials) and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels

1

4

After authentication the PSU must be deep linked within the app to confirm the account(s) which they would like the AISP to have access to without having to go through any further mandatory screens. For details on deep linking see Appendix Deep Linking for App-to-App redirection.

1

ASPSPs should have an outbound redirection screen which indicates the status of the request and informing the PSU that they will be automatically taken back to the AISP.

ASPSPs should inform the PSU on the outbound redirection screen that their session with the ASPSP is closed.

7

AISPs should confirm the successful completion of the account information request.

18

What the research says

 

Click for customer research