Authentication Methods

Using an available exemption with a customer identifier

This version is:

Published 3 years ago 01 Mar 2019
  User Journey   Where all information for a complete payment order (including the PSUs’…

Other Journeys in ‘Authentication Methods’.

 

User Journey

 

Where all information for a complete payment order (including the PSUs’ account details) is passed from PISPs to ASPSPs, once PSUs have been authenticated, PSUs must be directed back to the PISP domain without any further steps taking place. This excludes the cases where supplementary information is required to be provided to PSUs as described in section Single Domestic Payments – Supplementary info).

This Journey can be used for subsequent transactions after an initial payment has been successfully made and details held for future use See Single Domestic Payments – a/c selection @ PISP, item #11.  The PISP will provide to the ASPSP in any subsequent transactions a hint of the PSU’s identity by sending the customer identifier as part of the payment request. This will enable the ASPSP to facilitate a journey with less friction, in instances where the ASPSP determines that SCA is not required based on an available exemption.

 

Wireframes

This content is best viewed on a desktop browser.

2

CEG Checklist Requirements 2
PISPs must allow the PSU to either enter the account details or select the account with their ASPSP.

3

CEG Checklist Requirements 3
PISPs must communicate information clearly to the PSU when obtaining consent in order to initiate the payment order.

6

CEG Checklist Requirements 6
If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels.

8

CEG Checklist Requirements 8
ASPSPs must display as minimum the Payment Amount, Currency and the Payee Account Name on to make the PSU aware of these details (unless an SCA exemption is being applied). These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section Single Domestic Payments – Supplementary info): 1. Authentication screen; 2. ASPSP to PISP outbound redirection screen.

10

CEG Checklist Requirements 10
PSU must be redirected straight back to the PISP website/app on the same device where PISP displays confirmation of successful initiation.

 

These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section Single Domestic Payments – Supplementary info).

 

Requirements and Considerations

CEG Checklist Requirements & CX Considerations

PISP should allow the PSU to select the payment account identification details of a particular ASPSP that have previously been used and stored.

The PISP will need to provide to the ASPSP a hint of the PSU’s identity by sending the customer identifier as part of the payment request. This could then be used by the ASPSP to  facilitate a journey with less friction, in instances where the ASPSP determines that SCA is not required based on an available exemption.

2

PISPs must allow the PSU to either enter the account details or select the account with their ASPSP

24

3

PISPs must communicate information clearly to the PSU when obtaining consent in order to initiate the payment order.

8

PISPs should provide messaging to inform PSUs that they will be taken to their ASPSPs to complete the payment.

Example wording: “You will be securely transferred to YOUR ASPSP to authenticate and make the payment“.

PISPs should provide messaging on their inbound redirection screen to inform PSU that they will be taken to their ASPSP to authenticate to complete the payment.

PISP  should display in the Redirection screen the Payment Amount, Currency and the Payee Account Name to make the PSU aware of these details.

6

If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels.

5a

ASPSPs should have outbound redirection  screen which indicates the status of the request and informs the PSU that they will be automatically taken back to the PISP.

8

ASPSPs must display as minimum the Payment Amount, Currency and the Payee Account Name on to make the PSU aware of these details (unless an SCA exemption is being applied).

These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section Single Domestic Payments – Supplementary info):

  1. Authentication screen;
  2. ASPSP to PISP outbound redirection screen.

28

ASPSPs should inform the PSU on the outbound redirection screen that they are being redirected back to the PISP.

Note:  This would be based on customer identifier being provided by the PISP and the transaction being eligible for any available exemptions and the ASPSP applying the exemption.

What the research says

 

Click for customer research