Authentication Methods

Using an Available Exemption with a Customer Identifier

This version is:

Published 3 years ago 21 Oct 2021
User Journey     After the PSU has successfully initiated a payment initiation through a PISP, and…

Other pages in this section

User Journey

 

Main content image

 

After the PSU has successfully initiated a payment initiation through a PISP, and details were held for future use (as per Single Domestic Payments – a/c selection @ PISP, item #11), this Journey can be used for initiating subsequent transactions. 

The PISP will provide to the ASPSP in all subsequent transactions a hint of the PSU’s identity by sending the customer identifier as part of the payment initiation request. This will enable the ASPSP to facilitate a journey with less friction, in instances where the ASPSP determines that SCA is not required based on an available exemption. 

Note: This option may require a contract between the AISP and each ASPSP.

Wireframes

This content is best viewed on a desktop browser.

2

CEG Checklist Requirements 2
PISPs must allow the PSU to either enter the account details or select the account with their ASPSP.

3

CEG Checklist Requirements 3
PISPs must communicate information clearly to the PSU when obtaining consent in order to initiate the payment order.

6

CEG Checklist Requirements 6
If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels.

8

CEG Checklist Requirements 8
ASPSPs must display as minimum the Payment Amount, Currency and the Payee Account Name on to make the PSU aware of these details (unless an SCA exemption is being applied). These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section Single Domestic Payments – Supplementary info): 1. Authentication screen; 2. ASPSP to PISP outbound redirection screen.

10

CEG Checklist Requirements 10
PSU must be redirected straight back to the PISP website/app on the same device where PISP displays confirmation of successful initiation.

CEG Checklist Requirements & CX Considerations

PISP should allow the PSU to select the payment account identification details of a particular ASPSP that have previously been used and stored. The PISP will need to provide to the ASPSP a hint of the PSU’s identity by sending the customer identifier as part of the payment request. This could then be used by the ASPSP to  facilitate a journey with less friction, in instances where the ASPSP determines that SCA is not required based on an available exemption.

2

PISPs must allow the PSU to either enter the account details or select the account with their ASPSP

24

3

PISPs must communicate information clearly to the PSU when obtaining consent in order to initiate the payment order.

8

PISPs should provide messaging to inform PSUs that they will be taken to their ASPSPs to complete the payment.

Example wording: “You will be securely transferred to YOUR ASPSP to authenticate and make the payment“.

Note: In the case of a journey where the ASPSP will determine that an SCA exemption can be applied, this point would have been the PSUs’ “point of no return” for making the payment. However, as PISPs are not in a position to know whether that would be the case or not, they cannot really inform the PSUs about being at the “point of no return” for making the payment. PISPs may decide to provide some additional messaging to PSUs to address this.

PISPs should provide messaging on their inbound redirection screen to inform PSU that they will be taken to their ASPSP to authenticate to complete the payment. PISP  should display in the Redirection screen the Payment Amount, Currency and the Payee Account Name to make the PSU aware of these details.

6

If the PSU has an ASPSP app installed on the same device the redirection must invoke the ASPSP app for authentication purposes only without introducing any additional screens and offer the same authentication method(s) available to the PSU when authenticating in their ASPSP’s direct channels.

5a

ASPSPs should have outbound redirection  screen which indicates the status of the request and informs the PSU that they will be automatically taken back to the PISP.

8

ASPSPs must display as minimum the Payment Amount, Currency and the Payee Account Name on to make the PSU aware of these details (unless an SCA exemption is being applied). These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section Single Domestic Payments – Supplementary info):

  1. Authentication screen;
  2. ASPSP to PISP outbound redirection screen.

28

ASPSPs should inform the PSU on the outbound redirection screen that they are being redirected back to the PISP. Note:  This would be based on customer identifier being provided by the PISP and the transaction being eligible for any available exemptions and the ASPSP applying the exemption.

10

PSU must be redirected straight back to the PISP website/app on the same device where PISP displays confirmation of successful initiation.

26

What the research says

 

Click for customer research