...
# | Step | Rules & Guidelines |
|---|---|---|
SIP-1 | Single Instant Payment Consent | Basic Consent Parameters TPPs MUST: 1.1 Enable Users to provide and review the parameters related to the SIP they need to consent to. These parameters include:
|
Additional Consent Parameters TPPs MUST: 1.2 Set/clear the “Is Single Authorization” flag as appropriate (as per https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#7.-Is-Single-Authorization-flag). 1.3 Set the Authorization Expiration DateTime (as per https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#8.-Authorization-Expiration-DateTime) if there are specific timing requirements that must be met for the consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent (please refer to https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#18.-Multi-User-Authorization-Flow). 1.4 Set the Risk Information Block (as per https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#9.-Risk-Information-Block) | ||
TPPs MUST: 1.5 Enable Users to provide explicit consent for the initiation of a SIP payment order from their online payment account held at their LFI as per the payment details specified in the payment Consent. | ||
SIP-2 | Consent Staging | |
SIP-3 | Hand-off to LFI | Example wording to use: ‘We will securely transfer to YOUR LFI to authenticate and make the payment“. |
SIP-4 | Authentication | LFI Authentication Only LFIs MUST: 4.1 Enable Users to perform authentication with their LFIs, as per the following sections: 4.2 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if User Authentication has failed or Users opted to cancel the authentication/authorization process. |
Centralized Authentication and Authorization (Federated) Only 4.3 As per Centralized Authentication and Authorization. | ||
SIP-5 | Authorization | LFIs MUST: 5.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the Single Instant Payment (SIP) Consent. 5.2 Retrieve from the OFP the Single Instant Payment (SIP) Consent details staged by the TPP and present relevant details to the User. 5.3 Allow Users to select a payment account for the initiation of the Single Instant Payment (SIP), if this was not provided in the retrieved staged payment Consent details, as per https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#12.-Payment-Account-Selection-at-LFI
5.4 Verify that the authorization status of the chosen payment account aligns with the “Is Single Authorization” flag specified by the TPPs, as per https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#7.-Is-Single-Authorization-flag. |
5.5 Display to Users the TPP Trading Name of the TPP that initiated the Single Instant Payment (SIP) Consent.
5.6 Present to Users the following minimum required information for authorizing the Single Instant Payment (SIP) Consent:
5.7 Request Users to authorize the Single Instant Payment (SIP) Consent, so that a single instant payment can be initiated. 5.8 Provide Users the ability to cancel the payment journey, if Users decided to terminate the request. The LFI MUST hand-off the Users back to the TPP, providing the necessary error message to the OFP and reject the Single Instant Payment (SIP) Consent. 5.9 Change the state of the Single Instant Payment (SIP) Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the payment Consent. 5.10 Update the Single Instant Payment (SIP) Consent details stored in the OFP. | ||
OFP MUST: 5.11 Check the Authorization Time window is valid as per https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#19.-Check-Authorization-Time-Window. 5.12 Confirm back to the LFIs that the Single Instant Payment (SIP) Consent details have been updated successfully. | ||
Multi-Authorization Journey Only | ||
SIP-6 | Hand-off back to the TPP | |
SIP-7 | Payment Initiation | TPPs MUST: 7.1 Submit to OFP the payment initiation requests with the same parameters as per the Payment Consent authorized by the User.
|
OFP MUST: 7.2 Allow the TPPs to submit the individual payment initiation request under the Payment Consent authorized by the User, without any additional MFA or authorization from the User. 7.3 Check that the received payment initiation request relates to a valid Payment Consent authorized by the User. The Consent MUST be in the Authorized state. The OFP MUST reject a payment initiation message related to a Payment Consent in a different state and respond back to the TPP with the appropriate error message/code. 7.4 Check the payment initiation request parameters against the authorized Payment Consent. All parameters MUST match exactly.
7.5 Send the SIP payment initiation request to the LFI for initiating an instant payment using the payment parameters included in the payment initiation request including:
| ||
LFIs MUST: 7.6 Trigger the payment initiation process for the payment Consent immediately after receiving the payment initiation request from the OFP.
7.7 Additionally apply all existing BAU payment account controls and limits such as single transaction value limit, total transaction value limit, AML checking (if applicable) and others, as if the payment request has been initiated by the existing channels of the LFI. LFIs MUST send an appropriate error response to the OFP in case the payment is rejected due to violating any of these limits. 7.8 Reject the payment initiation if the payment account selected for the payment has insufficient funds. The OFP MUST be notified about this rejection with an appropriate error message. 7.9 Subject to successful BAU checking, validation and payment processing, proceed with the execution of the payment by either submitting the payment to the underlying payment rails or executing internally as Intra-bank payment. 7.10 Provide the OFP with all the available information in relation to the initiated payment instruction including the payment’s unique identifier payment Transaction ID. 7.11 Ensure that the Creditor Reference provided in the SIP payment initiation is made available to the Creditor’s account information in the case of intra-bank payments within the same LFI. | ||
OFP MUST: 7.12 Send an appropriate error response to the TPPs in case the payment is rejected due to violating any of the LFIs BAU payment accounts checks or limits. 7.13 Send to the TPP the appropriate error message in case the payment initiation was rejected by the LFI due to insufficient funds in the selected payment account. 7.14 Provide the TPP with all the available information in relation to the initiated Single Instant Payment (SIP) instruction including the payment’s unique identifier payment Transaction ID. | ||
SIP-8 | Payment Status Update | |
SIP-9 | Confirmation to User | |
SIP-10 | Payment Notifications |
3.1.3 Journey Variations
3.1.3.1 User selects account at the TPP & LFI provides Supplementary Information (Duplicate Payment)
...
3.1.3.2 User selects account at the TPP & LFI provides Supplementary Information
...
3.1.3.3 User selects LFI at the TPP & merchant is the user facing entity using a TPP for Open Finance payments
...
3.2 Fast-track Journey
In cases where all the information for a complete payment order (including the Users’ account details) is passed from TPPs to LFIs, once Users have been authenticated, the payment is initiated and Users MUST be directed back to the TPPs' domains without any further steps taking place in the LFIs' domains.
...