One of the primary objectives of the Customer Experience Guidelines is to provide simplification and consistency across all Open Banking implementations. As such, we have defined a core set of authentication methods that can and should be used, subject to the scope and flexibility of any payment initiation and/or account information services provided by TPPs.
Other pages in this section Get Started Authentication Methods Account Information Services Payment Initiation Services Card Based Payment Instrument Issuers (CBPIIs) Checklist Appendices Change Log
Browser Based Redirection – AIS PSU Authentication with the ASPSP using browser based redirection from an AISP for an AIS request. This enables a PSU to authenticate with their ASPSP while using an AISP for an AIS service, using the same web based authentication method which the PSU uses when accessing the ASPSP web channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 Browser Based Redirection – PIS PSU Authentication with the ASPSP using browser based redirection for a PIS request. This enables a PSU to authenticate with their ASPSP while using a TPP for the PIS service, using the same web based authentication method which they use when accessing the ASPSP web channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 App Based Redirection – AIS PSU authentication with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the AISP service. This enables the PSU to authenticate with the ASPSP while using an AISP for an AIS service using the same ASPSP app based authentication method which they use when accessing the ASPSP mobile channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 App Based Redirection – PIS PSU authentication, with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the PISP service. This enables the PSU to authenticate with the ASPSP while using a PISP for a PIS service using the same ASPSP app based authentication method that they use when accessing the ASPSP mobile channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 Browser-to-app redirection It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 Effective use of redirection screens It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Browser Based Redirection – AIS PSU Authentication with the ASPSP using browser based redirection from an AISP for an AIS request. This enables a PSU to authenticate with their ASPSP while using an AISP for an AIS service, using the same web based authentication method which the PSU uses when accessing the ASPSP web channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Browser Based Redirection – PIS PSU Authentication with the ASPSP using browser based redirection for a PIS request. This enables a PSU to authenticate with their ASPSP while using a TPP for the PIS service, using the same web based authentication method which they use when accessing the ASPSP web channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
App Based Redirection – AIS PSU authentication with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the AISP service. This enables the PSU to authenticate with the ASPSP while using an AISP for an AIS service using the same ASPSP app based authentication method which they use when accessing the ASPSP mobile channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
App Based Redirection – PIS PSU authentication, with the ASPSP using the ASPSP mobile app installed on the same device on which the PSU is consuming the PISP service. This enables the PSU to authenticate with the ASPSP while using a PISP for a PIS service using the same ASPSP app based authentication method that they use when accessing the ASPSP mobile channel directly. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
App-to-browser redirection – AIS It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Browser-to-app redirection It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Effective use of redirection screens It is possible that a PSU using a mobile device does not have their ASPSP mobile app installed, or their ASPSP does not provide an app at all. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Decoupled Model A: Static PSU Identifier A decoupled authentication flow, where the PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is used by the ASPSP to notify the PSU, such that the PSU can authenticate using the ASPSP app on a separate device. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 Decoupled Model B: ASPSP Generated Identifier A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII) which is then used by the ASPSP to identify the PSU through the ASPSP app to authenticate and action the TPP request. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 Decoupled Model C: TPP Generated Identifier A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII), which is then used by the ASPSP to identify the PSU through the ASPSP app to authenticate and action the TPP request. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 Decoupled Model D: PSU with a TPP Account TPP (AISP/PISP/CBPII) passes the PSU’s stored unique identifier to the ASPSP to identify the PSU User Journey A decoupled authentication flow where the TPP (AISP/PISP/CBPII) provides the ASPSP a stored PSU identifier, generated by the ASPSP from a previous PSU transaction. This is used by the ASPSP to notify the PSU such that the… View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Decoupled Model A: Static PSU Identifier A decoupled authentication flow, where the PSU provides a static identifier to the TPP (AISP/PISP/CBPII) which is used by the ASPSP to notify the PSU, such that the PSU can authenticate using the ASPSP app on a separate device. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Decoupled Model B: ASPSP Generated Identifier A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII) which is then used by the ASPSP to identify the PSU through the ASPSP app to authenticate and action the TPP request. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Decoupled Model C: TPP Generated Identifier A decoupled authentication flow where the PSU provides a dynamic identifier generated with their ASPSP to the TPP (AISP/PISP/CBPII), which is then used by the ASPSP to identify the PSU through the ASPSP app to authenticate and action the TPP request. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Decoupled Model D: PSU with a TPP Account TPP (AISP/PISP/CBPII) passes the PSU’s stored unique identifier to the ASPSP to identify the PSU User Journey A decoupled authentication flow where the TPP (AISP/PISP/CBPII) provides the ASPSP a stored PSU identifier, generated by the ASPSP from a previous PSU transaction. This is used by the ASPSP to notify the PSU such that the… View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
ASPSP applies an available exemption User Journey SCA- RTS includes a number of available exemptions which permit an ASPSP not to apply SCA based on the availability of certain criteria, which consider factors such the amount, the beneficiary and the risk analysis of the transaction. When the ASPSP determines that an available exemption is applicable to the payment… View journey This version was published 4 Years & 4 Months ago 25 Jun 2020 Using an Available Exemption with a Customer Identifier After the PSU has successfully initiated a payment initiation through a PISP, and details were held for future use. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
ASPSP applies an available exemption User Journey SCA- RTS includes a number of available exemptions which permit an ASPSP not to apply SCA based on the availability of certain criteria, which consider factors such the amount, the beneficiary and the risk analysis of the transaction. When the ASPSP determines that an available exemption is applicable to the payment… View journey This version was published 4 Years & 4 Months ago 25 Jun 2020
Using an Available Exemption with a Customer Identifier After the PSU has successfully initiated a payment initiation through a PISP, and details were held for future use. View journey This version was published 4 Years & 4 Months ago 25 Jun 2020