PSD2 regulations allow any bank or payment institution to issue payment instruments. These cover payment cards such as debit and credit cards, but also personalised devices or rule sets agreed between the issuer and the user, used to initiate a payment.
Other pages in this section Consent for Confirmation of Funds – CoF Confirmation of Funds Yes / No Resonse Re-Authentication of CoF Access at the ASPSP
This content is best viewed on a desktop browser. 1 CEG Checklist Requirements 2CoF Funds Request / Closed loopCBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the issued card based payment instrument. 2 CEG Checklist Requirements 1CoF Response / Closed loopIn response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include: • Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount.• A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes. • This could also include the date and time the CoF response was created. 3 CEG Checklist Requirements 4 Open LoopCoF Request / Open loopCBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the issued card based payment instrument. 4 CEG Checklist Requirements 1CoF Response / Open loopIn response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include: • Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount.• A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes. • This could also include the date and time the CoF response was created. Select to scroll left Select to scroll right
CEG Checklist Requirements & Customer Experience Considerations 1 Confirmation of Funds Request CBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the issued card based payment instrument. 33 2 Confirmation of Funds Response In response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include: A Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount. A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes. This could also include the date and time the CoF response was created. 34 3 Confirmation of Funds Request CBPII must only generate a confirmation of funds request if the payer has initiated a payment transaction for the amount in question using the issued card based payment instrument. 33 4 Confirmation of Funds Response In response to the CoF request, the ASPSP must provide a Yes/No Answer as a CoF response. This must include: A Yes/No response that funds in the funding payment account checked are sufficient to cover a transaction of the specified amount. A unique CoF response identifier. This is unique within the ASPSPs environment. A CBPII has no real use for this identifier however it is provided in order to have the ability of a full trace for audit purposes. This could also include the date and time the CoF response was created. 34 A Confirmation of Funds (CoF) – BAU operation After PSUs provide their consent for CoF access to CBPIIs, PSUs are no longer required to be involved in the CoF request and response process. As part of the ASPSP consent process, ASPSPs must create a long lived consent and provide to CBPIIs a unique identifier of the consent. Every subsequent CoF request falling within this consent, must be made using this consent identifier. B Confirmation of Funds Request Every time PSUs initiate a transaction using the CBPII issued card, CBPIIs could choose to make a CoF request to ASPSPs holding the PSU’s funding account. The CoF request must include: The identifier of the consent that the customer has previously confirmed. The transaction amount and currency to which the CoF request pertains. A unique reference for the CoF request assigned by the CBPII. This is a reference provided by the CBPII and should relate to the ID of the transaction initiated by the PSU using the CBPII issued payment instrument. C Notifications to PSUs As stated above, PSUs are not involved in the CoF Request/Response process at all. PSUs may not even be aware that every time they are initiating a transaction using the CBPII issued instrument (e.g. card) the above process takes place. In addition, if PSU transactions at the POS fail due to confirmation of funds failure, PSUs may not be aware that this was the reason for the transaction failure. Thus, OBL recommends the following based on undertaken PSU research: Every time a CoF request for a transaction results in a negative response by ASPSPs, ASPSPs should notify PSUs that a funds availability check has responded as such. This notification could take place through various means such as SMS, mobile notification through the mobile banking app, email, automated voice call etc. The notification could be switched off upon PSU request. Alternately, CBPIIs could also decide to notify PSUs in case of negative CoF response in order to allow PSUs to take any corrective actions such as funding the account immediately and retrying the failed transaction or use another funding account for their card based instrument. ASPSPs could also choose to notify their customers on every occasion of a CoF request by a CBPII and not only upon a negative response. This will allow PSUs to identify any CoF requests that may not genuinely be related to a specific CBPII instrument transaction initiated by them. However, customer research indicates that PSUs do not consider necessary/important notifications on every CoF requests. In case ASPSPs are unable to provide responses to CoF requests back to CBPIIs, it is recommended that ASPSPs should send notifications to PSUs about this failure, including a reason for not being able to provide responses back to CBPIIs. D CoF Request/Response Processing Considerations When ASPSPs receive CoF requests, ASPSP must immediately provide a yes or no answer on the availability of the amount necessary for the execution of the card-based payment transaction. As per the FCA approach document (paragraph 17.22) ‘immediately’ in this context means that the response should be sufficiently fast so as not to cause any material delay in the payment transaction, therefore this is likely to mean the answer must be provided as soon as the request is received. CBPIIs should be able to make multiple CoF requests for different transactions simultaneously to ASPSPs (provided the relevant consents have been granted). However, every CoF request must only be made where the payer has initiated a payment transaction for the corresponding amount. CBPIIs should be able to send multiple CoF requests for multiple accounts without having to have first received a response from any previous CoF request message. ASPSPs should be able to cope with multiple CoF requests from the same CBPII for PSUs transactions initiated at the same time. PSUs may decide to link the same ASPSP account with multiple issued payment instruments (e.g. cards) from multiple CBPIIs. This means that there may be multiple consents for CoF requests to the same account for multiple CBPIIs. In this case, the ASPSPs should be able to cope with CoF requests from multiple CBPIIs for transactions initiated at the same time. E ASPSPs should allow a CBPII request for confirmation of funds even if the identifier, used by the PSU with the CBPII as part of the original consent, is no longer valid where that identifier is not an account number and/or sort code(e.g. expired/reported lost stolen primary/secondary PAN).
Consent for Confirmation of Funds – CoF Previous Related articles Please select API specifications Funds Confirmation Re-Authentication of CoF Access at the ASPSP Next