Card Based Payment Instrument Issuers – CBPIIs

Confirmation of Funds Yes / No Resonse

This version is:

This is the latest version Published 5 months ago 28 Jun 2024

PSD2 regulations allow any bank or payment institution to issue payment instruments. These cover payment cards such as debit and credit cards, but also personalised devices or rule sets agreed between the issuer and the user, used to initiate a payment.

Other pages in this section

User Journey

Payments networks primarily operate under two different business models that can apply to CBPIIs.

  1. Open-loop payments networks, such as Visa and MasterCard that are multi-party and operate through a scheme that connects two financial institutions.
  2. Closed-loop networks which issue cards directly to consumers and serve merchants directly.

As per PSD2 regulations, any authorised PSP, be it a bank or a payment institution, can issue payment instruments. Payment instruments not only cover payment cards such as debit and credit cards, but any personalised device or set of rules agreed between the issuer and the user that is used to initiate a payment.

The below diagrams illustrate at a high level the usage of the CoF by CBPIIs in both Closed and Open Loop operational models. Note that there is no PSU journey and this happens in the background.

This content is best viewed on a desktop browser.

1

CEG Checklist Requirements 2
CoF Funds Request / Closed loop
CBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the issued card based payment instrument.

2

CEG Checklist Requirements 1
CoF Response / Closed loop
In response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include:

• Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount.

• A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes.

• This could also include the date and time the CoF response was created.

3

CEG Checklist Requirements 4 Open Loop
CoF Request / Open loop
CBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the issued card based payment instrument.

4

CEG Checklist Requirements 1
CoF Response / Open loop
In response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include:

• Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount.

• A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes.

• This could also include the date and time the CoF response was created.

CEG Checklist Requirements & Customer Experience Considerations
CEG Checklist Reference

1

Confirmation of Funds Request

CBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the  issued card based payment instrument.

33

2

Confirmation of Funds Response

In response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include:

    • A Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount.
    • A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes.
    • This could also include the date and time the CoF response was created.

34

3

Confirmation of Funds Request

CBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the  issued card based payment instrument.

33

4

Confirmation of Funds Response

In response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include:

    • A Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount.
    • A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes.
    • This could also include the date and time the CoF response was created.

34

Confirmation of Funds (CoF) – BAU operation

After PSUs provide their consent for CoF access to CBPIIs, PSUs are no longer required to be involved in the CoF request and response process. As part of the ASPSP consent process, ASPSPs must create a long lived consent and provide to CBPIIs a unique identifier of the consent. Every subsequent CoF request falling within this consent, must be made using this consent identifier.

Confirmation of Funds Request

Every time PSUs initiate a transaction using the CBPII issued card, CBPIIs could choose to make a CoF request to ASPSPs holding the PSU’s funding account.

The CoF request must include:

    • The identifier of the consent that the customer has previously confirmed.
    • The transaction amount and currency to which the CoF request pertains.
    • A unique reference for the CoF request assigned by the CBPII. This is a reference provided by the CBPII and should relate to the ID of the transaction initiated by the PSU using the CBPII issued payment instrument.

Notifications to PSUs

As stated above, PSUs are not involved in the CoF Request/Response process at all. PSUs may not even be aware that every time they are initiating a transaction using the CBPII issued instrument (e.g. card) the above process takes place. In addition, if PSU transactions at the POS fail due to confirmation of funds failure, PSUs may not be aware that this was the reason for the transaction failure. Thus, OBL recommends the following based on undertaken PSU research:

    • Every time a CoF request for a transaction results in a negative response by ASPSPs, ASPSPs should notify PSUs that a funds availability check has responded as such. This notification could take place through various means such as SMS, mobile notification through the mobile banking app, email, automated voice call etc. The notification could be switched off upon PSU request.
    • Alternately, CBPIIs could also decide to notify PSUs in case of negative CoF response in order to allow PSUs to take any corrective actions such as funding the account immediately and retrying the failed transaction or use another funding account for their card based instrument.
    • ASPSPs could also choose to notify their customers on every occasion of a CoF request by a CBPII and not only upon a negative response. This will allow PSUs to identify any CoF requests that may not genuinely be related to a specific CBPII instrument transaction initiated by them. However, customer research indicates that PSUs do not consider necessary/important notifications on every CoF requests.
    • In case ASPSPs are unable to provide responses to CoF requests back to CBPIIs, it is recommended that ASPSPs should send notifications to PSUs about this failure, including a reason for not being able to provide responses back to CBPIIs.

CoF Request/Response Processing Considerations

When ASPSPs receive CoF requests, ASPSP must immediately provide a yes or no answer on the availability of the amount necessary for the execution of the card-based payment transaction. As per the FCA approach document (paragraph 17.22) ‘immediately’ in this context means that the response should be sufficiently fast so as not to cause any material delay in the payment transaction, therefore this is likely to mean the answer must be provided as soon as the request is received.
    • CBPIIs should be able to make multiple CoF requests for different transactions simultaneously to ASPSPs (provided the relevant consents have been granted). However, every CoF request must only be made where the payer has initiated a payment transaction for the corresponding amount.
    • CBPIIs should be able to send multiple CoF requests for multiple accounts without having to have first received a response from any previous CoF request message.
    • ASPSPs should be able to cope with multiple CoF requests from the same CBPII for PSUs transactions initiated at the same time.
    • PSUs may decide to link the same ASPSP account with multiple issued payment instruments (e.g. cards) from multiple CBPIIs. This means that there may be multiple consents for CoF requests to the same account for multiple CBPIIs. In this case, the ASPSPs should be able to cope with CoF requests from multiple CBPIIs for transactions initiated at the same time.

ASPSPs should allow a CBPII request for confirmation of funds even if the identifier, used by the PSU with the CBPII as part of the original consent, is no longer valid where that identifier is not an account number and/or sort code(e.g. expired/reported lost stolen primary/secondary PAN).

What the research says

Research undertaken on behalf of OBL with consumer PSUs has identified the following points: “CoF is seen as a minor part of the payment process, and it is the confirmation of payments themselves that are the priority for PSUs. However, PSUs would like to know if a CoF request has resulted in a negative response / technical failure, or if there has been any suspicious activity e.g. multiple CoF requests at different amounts.”  

Click for customer research