...
# | Step | Rules & Guidelines |
|---|---|---|
SIP-1 | Single Instant Payment Consent | Basic Consent Parameters TPPs MUST: 1.1 Enable Users to provide and review the parameters related to the SIP they need to consent to. These parameters include:
Note: Depending on the use case, the Payee details may not be displayed to Users in full. However, these still need to be part of the payment Consent request sent by the TPP.
|
Additional Consent Parameters TPPs MUST: 1.2 Set the Accepted Authorization Type (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#7.-Accepted-Authorization-Type). 1.3 Set the Authorization Time Window (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#8.-Authorization-Time-Window) if there are specific timing requirements that must be met for the consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent (Please refer to https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#18.-Multi-User-Authorization-Flow). 1.4 Set the Consent Expiry Date accordingly if the Authorization Time Window is set to more than 1 day. This is to avoid the consent expiring before all necessary authorizations are completed. Otherwise, the default value of the Consent Expiry Date MUST be set to the same day (i..e current day). The Consent Expiry Time MUST always be set to 23:59:59 of the Consent Expiry Date. 1.5 Set the Risk Information Block (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#9.-Risk-Information-Block) | ||
TPPs MUST: 1.6 Enable Users to provide explicit consent for the initiation of a SIP payment order from their online payment account held at their LFI as per the payment details specified in the payment Consent. | ||
SIP-2 | Consent Staging | |
SIP-3 | Hand-off to LFI | Example wording to use: ‘We will securely transfer to YOUR LFI to authenticate and make the payment“. |
SIP-4 | Authentication | LFI Authentication Only LFIs MUST: 4.1 Enable Users to perform authentication with their LFIs, as per the following sections: 4.2 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if User Authentication has failed or Users opted to cancel the authentication/authorization process. |
Centralized Authentication and Authorization (Federated) Only 4.3 As per https://openfinanceuae.atlassian.net/wiki/x/HoBBAw | ||
SIP-5 | Confirmation/ Authorization | LFIs MUST: 5.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the Single Instant Payment (SIP) Consent. 5.2 Retrieve from the OFP the Single Instant Payment (SIP) Consent details staged by the TPP using the unique Consent Identifier and present to Users all the details included in this. 5.3 Allow Users to select a payment account for the initiation of the Single Instant Payment (SIP), if this was not provided in the retrieved staged payment Consent details, as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#12.-Payment-Account-Selection-at-LFI
5.4 Check the authorization status of the selected payment account is in accordance with the TPPs' Accepted Authorization Type as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#13.-Check-Accepted-Authorization-Type. |
5.5 Present to Users the following minimum required information for authorizing the Single Instant Payment (SIP) Consent:
5.6 Request Users to authorize the Single Instant Payment (SIP) Consent, so that a single instant payment can be initiated. 5.7 Provide Users the ability to abort the payment journey, if Users decided to terminate the request. The LFI MUST hand-off the Users back to the TPP, providing the necessary error message to the OFP and reject the Single Instant Payment (SIP) Consent. 5.8 Check the Authorization Time window is valid as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#20.-Check-Authorization-Time-Window OFP MUST: 5.9 Change the state of the Single Instant Payment (SIP) Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the payment Consent. 5.10 Update the Single Instant Payment (SIP) Consent details stored in the OFP with all the information included in the Single Instant Payment (SIP) Consent authorized by the User. | ||
OFP MUST: 5.11 Confirm back to the LFIs that the Single Instant Payment (SIP) Consent details have been updated successfully. | ||
Multi-Authorization Journey Only | ||
SIP-6 | Payment Initiation | LFIs MUST: 6.1 Trigger the payment initiation process for the payment Consent immediately after the Single Instant Payment (SIP) Consent has been fully authorized by all required authorizers (one or more). 6.2 Additionally apply all existing BAU payment account controls and limits such as single transaction value limit, total transaction value limit, AML checking (if applicable) and others, as if the payment request has been initiated by the existing channels of the LFI. LFIs MUST send an appropriate error response to the OFP in case the payment is rejected due to violating any of these limits. 6.3 Reject the payment initiation if the payment account selected for the payment has insufficient funds. The OFP MUST be notified about this rejection with an appropriate error message. 6.4 Subject to successful BAU checking, validation and payment processing, proceed with the execution of the payment by either submitting the payment to the underlying payment rails or executing internally as Intra-bank payment. 6.5 Provide the OFP with all the available information in relation to the initiated payment instruction including the payment’s unique identifier Payment Transaction ID. The format of the Payment Transaction ID can be found in the UAE Open Finance Standard specifications. 6.6 Ensure that the Payment Reference provided in the Single Instant Payment (SIP) Consent is made available to the Beneficiary’s account information in the case of Intra-bank payments within the same LFI. |
OFP MUST: 6.7 Return back to the TPP in the Single Instant Payment (SIP) Consent response the IBAN of the Payee identification returned by the Proxy resolution, if the Single Instant Payment (SIP) Consent was submitted for User Authorization using a Proxy as the Payee Identification. 6.8 Send an appropriate error response to the TPPs in case the payment is rejected due to violating any of the LFIs BAU payment accounts checks or limits. 6.9 Send to the TPP the appropriate error message in case the payment initiation was rejected by the LFI due to insufficient funds in the selected payment account. 6.10 Provide the TPP with all the available information in relation to the initiated Single Instant Payment (SIP) instruction including the payment’s unique identifier Payment Transaction ID. | ||
SIP-7 | Payment Status Update | |
SIP-8 | Hand-off back to the TPP | |
SIP-9 | Confirmation to User | |
SIP-10 | Payment Notifications |
...
The following is an example wireframe of the Open Finacen Finance user journey when Confirmaiton the Confirmation of Payee service is used.
...
# | Step | Rules & Guidelines |
|---|---|---|
COP-1 | Single Instant Payment Consent | As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70091893/Single+Instant+Payment#Single-Instant-Payment-Consent except for:
TPPs MUST: 1.1 Enable Payee Identification using one of the following options:
1.2 Ensure that the format and the validation rules of the Payee Identification details are correct, when Users manually enter the Payee Identification details. If incorrect, TPPs MUST request Users to review and re-enter the information. |
COP-2 | Consent Staging | |
COP-3 | Hand-off to LFI | |
COP-4 | Authentication | |
COP-5 | Confirmation/ Authorization | COP Service LFIs MUST: 5.1 Request the OFP to perform Confirmation of Payee for the Payee Identification provided in the staged payment Consent. This may be required when:
5.2 Provide the necessary information to the OFP to perform the Confirmation of Payee service. This informaiton include:
|
OFP MUST: 5.3 Identify the the Payee’s Account Holding LFI by using the Payee’s Account Holding code inclued included in the payment Consent. 5.4 Make a Customer Data Request to the Payee’s LFI, using the appropriate API endpoint and specifying the Payee Account in IBAN or domestic account number format. The data permissions that the the OFP will request include the following:
5.5 Provide back to the User’s LFI the Account Name information received by the Payee’s LFI as the outcome of the Confirmation of Payee service request. | ||
LFIs MUST: 5.6 Add to the Single Instant Payment (SIP) Consent the Payee Account Name returned by the Confirmation of Payee service, without masking. 5.7 Display the masked Payee Account Name (First and Surname) in the minimum required information for authorizing the Single Instant Payment (SIP) Consent. 5.8 Allow Users to abort the payment journey if the displayed masked Payee Account Name (First and Surname) is not the one they intended to pay. | ||
COP No Return of Data/Error LFIs MUST: 5.9 Inform the User that the Payee Name cannot be verified due to error in the Confirmation of Payee service. LFIs MUST provide the appropriate error message for the failure. 5.10 Inform the User about the risk of proceeding with making the payment without confirming the Payee and advise that the payment journey should be aborted and User redirected back to TPP. | ||
COP-6 | Payment Initiation | |
COP-7 | Payment Status Update | |
COP-8 | Hand-off back to the TPP | |
COP-9 | Confirmation to User | |
COP-10 | Payment Notifications |
...