Payment Initiation Services

Account Selection at ASPSP

This version is:

Published 20 Dec 2019


User Journey

 

There are cases where the payment order submitted by PISPs to ASPSPs is incomplete, such as where the PSU’s account selection has not yet occurred.

In these scenarios, OBIE considers that SCA only needs to be obtained once, as part of the initial interaction between ASPSPs and the PSU. The fact that the PSU has to then carry out account selection or provide other information does not invalidate the SCA just performed by the ASPSP.

Equally, the display of the account balance by the ASPSP as part of the account selection process in the payment initiation journey should not require an additional application of SCA. We understand the FCA is comfortable with this approach; however, we note that the application of SCA (and interpretation of relevant requirements) is a matter for individual ASPSPs.

 

Wireframes


1

CEG Checklist Requirements 1
Minimum Set of Parameters: As per Single Domestic Payments – a/c selection @ PISP, item #1.

2

CEG Checklist Requirements 2
PSU payment Account Selection: As per Single Domestic Payments – a/c selection @ PISP, item #2.

3

CEG Checklist Requirements 3
PSU Consent to PISP: PISPs must request the PSUs’ consent to the payment initiation in a clear and specific manner. PISPs must display the following information in the consent screen:

  • Payment Amount and Currency (GBP for UK implementations).
  • Payee Account Name.
  • Payment Reference, if it has been entered by PSUs or prepopulated by PISPs in item #1.
  • Selected ASPSP (based on item #2 options).

For Payee Account Identification details (e.g. account number and sort code or additionally roll number or full IBAN):

  • If this has been provided by PSUs in item #1, then PISPs must also display this in the consent screen to allow PSUs to check and verify correctness.
  • If this has been pre-populated by PISPs (e.g. in an eCommerce payment scenario), PISPs could choose whether to display this information or not.

6

CEG Checklist Requirements 6
ASPSPs must apply SCA including dynamic linking, unless an exemption applies. The ASPSP authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP channel.

9

CEG Checklist Requirements 9
Additional Parameters: ASPSPs must allow PSUs to select the payment account to complete the payment order for execution. ASPSPs must ensure that they comply with their obligations relating to the FCA’s High Cost Credit Review: Overdrafts consultation paper and policy statement (CP18/42).

13

CEG Checklist Requirements 13
PISP Confirmation: As per Single Domestic Payments – a/c selection @ PISP, item #10.

14

CEG Checklist Requirements 14
Further Payment Status Update: As per Single Domestic Payments – a/c selection @ PISP, item #12.

CEG Checklist Requirements & Customer Experience Considerations

1

22

2

PSU payment Account Selection: As per Single Domestic Payments – a/c selection @ PISP, item #2.

24

3

PSU Consent to PISP

PISPs must request the PSUs’ consent to the payment initiation in a clear and specific manner. PISPs must display the following information in the consent screen:

  • Payment Amount and Currency (GBP for UK implementations).
  • Payee Account Name.
  • Payment Reference, if it has been entered by PSUs or prepopulated by PISPs in item #1.
  • Selected ASPSP (based on item #2 options).

For Payee Account Identification details (e.g. account number and sort code or additionally roll number or full IBAN):

  • If this has been provided by PSUs in item #1, then PISPs must also display this in the consent screen to allow PSUs to check and verify correctness.
  • If this has been pre-populated by PISPs (e.g. in an eCommerce payment scenario), PISPs could choose whether to display this information or not.

8

6

ASPSPs must apply SCA including dynamic linking, unless an exemption applies.

The ASPSP authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP channel.

    19 1

    ASPSPs could also display a message to prompt PSUs to authenticate to continue with their payment instruction.

    • ASPSPs should inform PSUs about their “point of no return” for making the payment and that their payment will be made after authentication occurs. Example wording: “Authenticate to make payment”.
    • For recognition-based biometrics (e.g. Face ID), which can be more immediate, the biometric authentication should be invoked after a delay or through a call to action, to give the PSU the ability to view the details.
    • ASPSPs could display the balance of the PSU’s payment account (not shown on user journey) as part of the authentication journey on any of the following screens:
    1. ASPSPs’ Authentication screen.
    2. ASPSP to PISP redirection screen.

          Displaying the balance in this instance need not require any additional strong customer authentication.

    9

    Additional Parameters

    ASPSPs must allow PSUs to select the payment account to complete the payment order for execution.

    23

    Generic ASPSP to PISP redirection screen and message. Please refer to section Effective use of redirection screens.


    If PSUs provide their payment account identification details (as per item #2 options), the PISP could, with the consent of the PSU, save the account details for future transactions (such as making further payments or initiating refunds back to PSUs) where this is part of the payment initiation service explicitly requested by the PSU. For example, a merchant, upon request from the PSU, may initiate a refund back to the PSU by instructing the same PISP that initiated the initial PSU transaction to use the saved PSU payment account identification details as the beneficiary details for the refund. This will be dependent on the same PISP being used by both the PSU and the merchant, their specific contractual terms and relevant regulatory obligations under GDPR/PSRs.

    Moreover, PISPs can use this consent to provide a hint of the PSU’s identity using the customer identifier as part of the payment request to enable the subsequent payment journey contemplated in section Authentication methods.

    14

    Further Payment Status Update: As per Single Domestic Payments – a/c selection @ PISP, item #12.

    27

     

    Example cases where the payment order submitted by PISP is incomplete

    What the research says

    “When account selection is done at the ASPSP, research amongst consumers has shown that 58% of participants prefer to be shown the balance for their selected payment account, before reviewing a payment. This was felt to assist in good personal financial management.”  
