ASPSPs must provide PSUs with a facility to view and revoke ongoing VRP access that they have given to any PISP, for each account held at that ASPSP. The PSU may have consented to make payments from several accounts through a single PISP. Dashboards play an important role in setting out what accounts the PSU has given permissions for, and the rules associated.
Other pages in this section Dashboards Overview AIS Consent Dashboard AIS Access Dashboard PIS VRP Consent Dashboard PIS VRP Access Dashboard CBPII Consent Dashboard CBPII Revocation of Consent CBPII Access Dashboard CBPII Access Revocation PSU Notifications
CEG Checklist Requirements & CX Considerations CEG Checklist Reference 1 ASPSPs must use the preferred term “open banking connections” and/or “open banking connected services” for an Access Dashboard specifically. ASPSPs must carefully consider the naming of their Dashboard to aid PSU understanding and ability to find its location. Our research found that names such as “Permissions”, “Accounts”, “Logins” were not clear, and many consumers didn’t understand what they meant. 10a 2 ASPSPs must make available on all digital channels an Access Dashboard, with the same name across channels, which allows PSUs to view access that has been previously granted and it must be easy and intuitive for PSUs to find and use. Careful consideration should be given to ensure that Dashboards are positioned logically and ideally placed no more than two clicks from the ASPSP’s Home Screen. 10b 3 ASPSPs could make available the VRP Access dashboard alongside other existing payment mandates like Direct Debit & Standing Orders provided it is easy and intuitive for the PSUs to find them in one location. The ASPSP may differentiate the PISP VRP access dashboard as Open Banking Payments.
CEG Checklist Requirements & CX Considerations 1 To aid clarity whilst providing detailed information if the PSU needs it, an Access Dashboard should provide an overview screen (Access Dashboard Home Page) which lists high level information for all consents, and a detailed page for each consent (Access Dashboard Detailed Page). 2 ASPSPs must display the PISP’s trading name/brand name* (i.e., the Client Name in the software statement) to the PSU during authentication screens and on any Access Dashboards. They do not need to display the registered company name of the PISP even if it is different. *- For more details refer to section – Access Dashboards when the customer-facing service provider and the PISP are different entities 3 ASPSPs must make available on all digital channels a PIS-VRP Access Dashboard which allows PSUs to view VRP access that has been previously granted and it must be easy and intuitive for PSUs to find and use. The ASPSP must provide PSUs with sufficient information to enable them to make an informed decision on the VRP Access Dashboard Home Page. As a minimum, ASPSPs must show on the VRP Access Dashboard Home Page: PISP Trading Name* Account type (if provided) ASPSP Sort Code and Account Number Start date i.e., date VRP access was first granted End date or where relevant the ongoing nature of the VRP access The ASPSP must also provide a manage button that allows the PSU to revoke access for each specific PISP. *- For more details refer to section – Access Dashboards when the customer-facing service provider and the PISP are different entities 10b 10d 4 ASPSP should offer functionality (e.g., search, sort, filter) to enable a PSU to search for the relevant VRP access. This will be of particular benefit as the number of consents for different ASPSPs/ accounts given by a PSU to PISPs increases. 5 ASPSPs must use just three status flags “Active” or “Cancelled” or “Expired”. Consent is defined as active if it has a valid access token that has not expired, and the consent expiry date has not elapsed. ASPSPs should make the status of PISP VRP access clear by either emboldened words or other design options like colouring as shown in the wireframe. 10d 6 ASPSPs should provide additional explanatory text to help PSUs understand how to revoke VRP access; using information bubbles helps to keep information manageable. 7 ASPSPs must provide a history of old connections. This should include VRP access that has been cancelled (revoked) at the ASPSP, consent that has been cancelled (revoked) at the PISP and consent that has expired. This gives the PSU a record of old VRP accesses. 10e 8 ASPSPs must provide a Detailed Page for each VRP access, which includes: PISP Trading Name PSU’s payment account details Account type (e.g., current account) Sort Code and Account Number Start date i.e., date VRP access was first granted End date or where relevant the ongoing nature of the VRP access List of all Consent parameters (payment rules) associated with each VRP consent Note: Each VRP access may have a different set of consent parameters associated depending on the PISP proposition. 10d 19a
This content is best viewed on a desktop browser. 1 CEG Checklist Requirements 1The ASPSP must provide a manage button that takes the PSU to the detailed view where they are able to revoke VRP access. 2 CEG Checklist Requirements 2The VRP Access Dashboard must allow a PSU to cancel the VRP access they have consented to easily and without obstruction or excessive barriers. 3 CEG Checklist Requirements 3ASPSP must make sure the PSU can see the cancelled (revoked) VRP access under historic consents (refer to section Access History example) where the status of the VRP access is “Cancelled”. ASPSPs must advise PSUs that they should contact the associated PISP to inform them of the cancellation of variable recurring payment access and/or understand the consequences of doing so. Select to scroll left Select to scroll right
CEG Checklist Requirements & CX Considerations 1 The ASPSP must provide a manage button that takes the PSU to the detailed view where they are able to revoke VRP access. 10c 2 The VRP Access Dashboard must allow a PSU to cancel the VRP access they have consented to easily and without obstruction or excessive barriers. 10c 3 ASPSP must make sure the PSU can see the cancelled (revoked) VRP access under historic consents (refer to section Access History example) where the status of the VRP access is “Cancelled”. ASPSPs must advise PSUs that they should contact the associated PISP to inform them of the cancellation of variable recurring payment access and/or understand the consequences of doing so. 10f
CEG Checklist Requirements & CX Considerations 1 ASPSPs must make all the historic VRP accesses (cancelled or expired) available to the PSU with details of consent parameters. Note: The duration of how long this is available on the Dashboard is in the competitive space of the ASPSP. 10e 2 ASPSPs must make available all the details of the consent Consent granted Consent expired/cancelled date Ability to expand consent parameters Ability to expand consent from an account and to account details Consent status (Expired/Cancelled) 10d
CEG Checklist Requirements & CX Considerations 1 ASPSPs should make available a list of payments associated with each VRP consent on the payment history page for all the active VRP consents 2 ASPSPs should show a list of payments associated with each cancelled/expired VRP consent on the payment history page or at least the total amount of payment made against each VRP consent.
CEG Checklist Requirements & CX Considerations 1 ASPSPs must display the customer-facing service provider name (the ‘on behalf of’ field in the software statement) along with the PISP trading name (‘client name’ field in the software statement) on the access dashboard. We note that ASPSPs can only show the customer-facing service provider/On Behalf field in cases where this information has been provided by PISP.
PIS VRP Consent Dashboard Previous Related articles Please select API specifications Access Revocation Changes to an Intent's Authorized State CBPII Consent Dashboard Next