Versions Compared

Version Old Version 1 New Version 2
Changes made by

Manish Haldankar

Manish Haldankar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Expand
titleMENU
Table of Contents
stylenone

...

The factors used by TPPs MUST be in alignment with the list of required evidence that will be listed in the liability model.

1.6 Balance Check Permission

The long-lived Consent can be extended to include optional permission for Balance Check which allows the TPP to check the balance of the User’s Payment account before initiating a payment as part of this consent.

This capability allows the TPP

  • check the balance in advance of payment to be initiated as part of this consent consent and ask the user to take remedial action if the funds are insufficient.

  • display the balance to the user at the point of initiating a payment.

2. User Journey

...

image-20240509-082526.pngImage Added

3. Wireframes

...

3. Wireframes (MPs)NEW.pngImage Added

3.1. Consent Setup

#

Step

Rules & Guidelines

MPCS-1

Consent setup

Basic Consent Parameters

TPPs MUST:

1.1 Enable Users to provide and review the parameters related to the initiation of a series of Multi-Payments they need to consent to. These parameters include:

Additional Consent Parameters

1.2 Set the Accepted Authorization Type (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#7.-Accepted-Authorization-Type).

1.3 Set the Authorization Time Window (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#8.-Authorization-Time-Window) if there are specific timing requirements that must be met for the consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent.

1.4 Set the Risk Information Block (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#9.-Risk-Information-Block)

1.5 Enable Users to provide explicit consent for the initiation of future Payments from their online payment account held at their LFI as specified in the consent.

Balance Check Permission

1.6 Optionally request permission to check the balance of the payment account before initiating a payment.

MPCS-2

Consent Staging

As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#10.-Consent-Staging

MPCS-3

Hand-off to LFI

As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#11.-Hand-off-to-LFI

Example wording to use: ‘We will securely transfer to YOUR LFI to authenticate and authorize your payments setup“.

MPCS-4

Authentication

LFI Authentication Only

As per the following sections:

Centralized Authentication and Authorization (Federated) Only

As per https://openfinanceuae.atlassian.net/wiki/x/HoBBAw

MPCS-5

Confirmation/ Authorization

LFIs MUST:

5.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the long-lived payment Consent.

5.2 Retrieve from the OFP the payment Consent details staged by the TPP using the unique Consent Identifier.

5.3 Allow Users to select a payment account for the initiation of the payments, if this was not provided in the retrieved staged Payment Consent details as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#12.-Payment-Account-Selection-at-LFI

  • 5.3.1 Allow Users to select a payment account for the initiation of the payments even if it has insufficient funds at the time of the payment Consent authorization. This allows Users to fund the payment accounts appropriately before the dates of the payment initiation. However, the LFIs MUST inform the User, if the selected payment account has insufficient funds.

5.4 Only present additional screens, if necessary to allow the validation and confirmation of the payment Consent.

5.5 NOT earmark (i.e. block) any funds related to the payment Consent in the Users' payment account at the point of Consent authorization.

5.6 Check the authorization status of the selected payment account is in accordance with the TPPs' Accepted Authorization Type as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#13.-Check-Accepted-Authorization-Type.

5.8 Present to Users the following minimum required information for authorizing the long-lived payments Consent:

  • User Payment Account

  • Consent Reference

  • Currency

  • Consent Expiration Date & Time

  • Fees & VAT (if applicable): These are potential charges that will be applied to the User account for making a payment in relation to the long-lived payment Consent. Both bank charges and VAT MUST be presented, stated separately, prior to the User Consent authorization. If applicable, LFIs MUST apply the charges on the date of each payment initiation and not at the point of payment Consent authorization.

5.9 Request for Balance Check Permission: If the TPP has requested permission to check the balance of the User’s payment account.

5.10 Check the Authorization Time window is valid as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#20.-Check-Authorization-Time-Window

5.11 Change the state of the payment Consent from Awaiting Authorization to Authorized when all Authorizers (one or more) have authorized the payment Consent.

5.12 Update the payment Consent details stored in the OFP with all the information included in the payment Consent authorized by the User.

OFP MUST:

5.13 Confirm back to the LFIs that the payment Consent details have been updated successfully.

5.14 Start tracking the Consent Control Parameters for the Control Period at the Control Period Start Date, if provided, or the Consent creation Date otherwise. The Control Period starts from 00:00:00 of the day and ends at 23:59:59 of the Control Period end day, calculated based on the Control Period type as defined in https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092119/Multi-Payments#6.3.2-VRP-Consent-Control-Period-%26-Start-Date.

Multi-Authorization Journey Only

5.16 As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#18.-Multi-User-Authorization-Flow

MPCS-6

Hand-off back to the TPP

6.1 As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#14.-Hand-off-back-to-the-TPP

MPCS-7

Confirmation to User

7.1 As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#16.-Confirmation-to-User

7.2 As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#19.-Payment-Details-Saving

4. Balance Check

#

Step

Rules & Guidelines

Balance Check

TPPs MUST:

1.1 be able to request the balance information using the authorized long lived consent before initiating the payment.

1.2 use this capability only in relation to the Payment initiation step to follow.

1.3 not use this capability as an alternative for Account Information Service,for example, to satisfy use cases like Personal finance manager where the account balance is being refreshed periodically.

1.4 make this request not earlier than 24 hours from when a scheduled payment will be initiated.

LFIs MUST:

2.1 Provide the OFP with the the information related to the balance of the User's account which was used for authorizing the Multi Payment consent. This information must be the same information as defined under the Balances in https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2/pages/52528609/Customer+Data#6.3-Data-Cluster-Structure-%26-Language

OFP MUST:

3.1 Provide the TPP with all the available information in relation to the balance check request.

3.2 Send an appropriate error response to the TPPs in case the balance check request was not successful.

...

#

Step

Rules

MPCU-1

Consent Update

TPPs MUST:

1.1 Enable Users to use the Consent Dashboard to amend the following parameters of a long-lived Payment consent:

1.2 Require the Users to authenticate with their LFI and authorize the Consent update.

...

.

6. Common Rules & Guidelines

...