Authentication Methods

App Based Redirection – PIS

This version is:

Published 3 years ago 21 Oct 2021

PSU authentication, with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the PISP service. This enables the PSU to authenticate with the ASPSP while using a PISP for a PIS service using the same ASPSP app based authentication method that they use when accessing the ASPSP mobile channel directly.

Other pages in this section

User Journey

 

Main content image

 

PSU authentication, with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the PISP service.

This enables the PSU to authenticate with the ASPSP while using a PISP for a PIS service using the same ASPSP app based authentication method that they use when accessing the ASPSP mobile channel directly.

The PISP service could be web based or app based. The redirection must directly invoke the ASPSP app to enable the PSU to authenticate and must not require the PSU to provide any PSU identifier or other credentials to the PISP.

Wireframes

To demonstrate an app based redirection part of the journey we have used one variation of PIS journey (Sec Single Domestic Payments – a/c selection @ PISP) as an example, where the ASPSP receives all the details of the payment order from the PISP.

This redirection flow applies to other variations of PIS journeys covered in detail under section Payment Initiation Services (PIS).

 

This content is best viewed on a desktop browser.

1

CEG Checklist Requirements 1
PISPs must allow the PSU to either enter the account details or select the account with their ASPSP

2

CEG Checklist Requirements 2
PISPs must communicate information clearly to the PSU when obtaining consent in order to initiate the payment order

4

CEG Checklist Requirements 4
If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels.

5

CEG Checklist Requirements 5
ASPSPs must display as minimum the Payment Amount, Currency and the Payee Account Name on to make the PSU aware of these details (unless an SCA exemption is being applied). These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section 4.1.2): 1. Authentication screen; 2. ASPSP to PISP outbound redirection screen.

6

CEG Checklist Requirements 6
ASPSPs app based authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP mobile app (biometric, passcode, credentials).

9

CEG Checklist Requirements 9
PSU must be redirected straight back to the PISP website/app on the same device where PISP displays confirmation of successful initiation.

CEG Checklist Requirements & CX Considerations

1

AISPs must initially ask the PSU to identify the ASPSP so that the consent request can be constructed in line with the ASPSP’s data clusters.

24

2

PISPs must communicate information clearly to the PSU when obtaining consent in order to initiate the payment order.

8

PISPs should provide messaging on their inbound redirection screen to inform PSU that they will be taken to their ASPSP to authenticate to complete the payment. PISP should display in the Redirection screen the Payment Amount, Currency and the Payee Account Name to make the PSU aware of these details.

4

If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels.

5a

5

ASPSPs must display as minimum the Payment Amount, Currency and the Payee Account Name on to make the PSU aware of these details (unless an SCA exemption is being applied).

These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section Single Domestic Payments – Supplementary info):

  1. Authentication screen;
  2. ASPSP to PISP outbound redirection screen.

 

28

6

ASPSPs app based authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP mobile app (biometric, passcode, credentials).

1

ASPSPs should have outbound redirection screen which indicates the status of the request and informs the PSU that they will be automatically taken back to the PISP.

ASPSPs should inform the PSU on the outbound redirection screen that their session with the ASPSP is closed.

9

PSU must be redirected straight back to the PISP website/app on the same device where PISP displays confirmation of successful initiation.

26

What the research says

“Consumer research has shown that people feel authentication via Fingerprint ID adds a reassuring sense of security to the journey.”  

Click for customer research