Card Based Payment Instrument Issuers (CBPIIs)
One of the primary ambitions of these guidelines is to provide simplification and consistency throughout each stage of the Open Banking implementation.
As such, we have defined a core set of PSU journeys for CBPIIs.
Regulation 68 of the PSRs provides a mechanism whereby payment service providers (PSPs) issue a card based instrument which is linked to an account or accounts held at one or more different ASPSPs (provided those accounts are accessible online) and request a confirmation on the availability of funds. The payment service provider that issues the payment instrument is known as a Card-Based Payment Instrument Issuer or CBPII.
When the PSU uses the card-based payment instrument to initiate a payment transaction, the CBPII is entitled to request a confirmation from the PSUs ASPSP to which the account is linked, to confirm whether there are sufficient funds available for the transaction amount. The ASPSP is obliged to respond with an immediate ‘yes/no’ answer, provided the relevant regulatory requirements are met.
There may be several reasons for the customer to use the CBPII card and this will mainly depend on the actual CBPII proposition. Example benefits may include the following:
- Loyalty scheme with benefits for using the CBPII card (points, air miles, cash back etc).
- The customer has a single instrument to make payments from multiple accounts, with no need to carry a card wallet full of cards.
- The customer only has to manage one card relationship, for example:
- Remember the details for one card.
- Store the details of one card with a retailer.
- The customer will only have a single combined transaction list and statement for all their purchases.
- Single proxy for multiple accounts for all card usages.
- Less probability to have a purchase transaction declined as multiple funding accounts may be used without having to try several different cards.
- Less need to handle expiring cards from various bank accounts.
Please note that the Confirmation of Funds (CoF) mechanism does not guarantee to the CBPII that they will receive the funds from the PSUs account, as CoF is only a snapshot which confirms whether the funds are available at the time of the request. The ASPSP does not block funds on the PSU’s account for the CBPII card payment.
Moreover, please note that the CoF API made available to CBPIIs is for funds checking only and does not facilitate settlement of the transaction (i.e. the transfer of the funds from the PSU funding account to the CBPII). This is in the CBPII competitive space and could be fulfilled using various means such as Direct Debit, PISP push payment etc.
Finally, PSRs and RTS do not appear to place limitation into the number of payment accounts that can be linked into a single CBPII issued card. This is in the competitive space of the CBPIIs. Furthermore, PSRs and RTS do not specify which card types can be linked with the payment account, for example physical cards only or also tokenised virtual cards. Again, this is in the competitive space of the CBPIIs.
CBPII Core Journeys
Open Banking API specifications support CoF services for Card Based Payment Instrument Issuers (CBPIIs). These services allow PSUs to provide explicit consent to an ASPSP, so that they can respond to confirmation of funds requests from CBPIIs, limited to a Y/N. CBPIIs can subsequently submit confirmation of funds requests to the ASPSP provided that the PSU has also provided their explicit consent to the CBPII and has initiated a payment transaction with the payment instrument for the amount in question.
This section describes how each of the Participants (CBPIIs and ASPSPs) in the delivery of these services can optimise the customer experience for these. Furthermore, it provides some clarifications to these Participants on the usage of the APIs,which are not covered by the technical specifications and some best practice guidelines for implementation of the customer journeys.
Please note that unlike AIS journeys, the consent given to ASPSPs and CBPIIs can be “until further notice” and does not expire after 90 days. Thus, authentication does not need to occur after the initial set up for the specific CBPII has been completed. The consent to CBPIIs access will generally be ongoing or setup for a set period of time, after which PSUs will need to renew it.