...
# | Step | Rules & Guidelines |
|---|---|---|
REF-1 | Single Instant Payment Consent with Refund Permission | |
User Consent to TPP In addition to Users’ consent to the payment initiation: TPPs MUST: 1.1 Request Users' explicit consent before they are able to request the Users' payment account details from the LFI for the purpose of refunds, as part of the payment initiation process. 1.2 Present the User consent for payment initiation and Refund Information in a single step. 1.3 Make it clear to Users that they will share these details with the Creditor or use the details for refund processing, if the User requests and agrees a refund with the Creditor (i.e. the merchant)
“If you ask for a refund, we will request your LFI to share your payment account details with us. These details may be shared with the creditor or may be used by us to process your refund request. We will not use these details for any other purpose and we will not retain these details after your refund request has been processed.” 1.4 NOT request the Users' consent for Refund Information of their payment account details from the LFI, in cases where there is no realistic chance the refund information data (i.e. the User account details) to be used (e.g. where the merchant business model does not offer refunds). 1.5 Set the appropriate Refund Information flag Include the ReadRefundAccount permission in the payment Consent payload to confirm that the User has provided explicit consent for a Refund Information request, when a refund has been requested. | ||
REF-2 | Consent Staging | |
REF-3 | Hand-off to LFI | |
REF-4 | Authentication | |
REF-5 | Authorization | |
LFIs MUST: 5.1 Provide clear messaging to the Users in relation to the consent provided to TPPs for requesting their payment account details for refund purposes. Example wording may be as follows: “TPP will be permitted to request your account details for refund purposes.” | ||
REF-6 | Payment Initiation | |
REF-7 | Payment Status Update | |
REF-8 | Hand-off back to the TPP | |
REF-9 | Confirmation to User | |
TPPs MUST: 9.1 Confirm to Users that they have received permission to request their payment account information in the future for the purpose of refunds. 9.2 Provide clear messaging to the Users confirming the permission provided to them for requesting payment account details for refund purposes. Example wording may be as follows: “We have saved your permission to request your payment account details from your LFI for refund purposes. If you ask for a refund, we will request these details and share them with the payee or use them to process your refund request. We will not use these details for any other purpose.” | ||
REF-10 | Payment Notifications |
...
# | Step | Rules & Guidelines |
|---|---|---|
REFREQ-1 | Pre-condition | Both User and Merchant MUST have agreed to a refund and no dispute exists between them. |
REFREQ-2 | Request Refund Information | TPPs MUST: Submit to OFP a Refund Information Request specifying the payment Consent ID related to the original payment for which a refund has been requested. |
REFREQ-3 | Processing of Refund Information Request | OFP MUST: 3.1 Allow the TPPs to submit the Refund Information Request in relation to a single-use or long-lived Payment Consent authorized by the User, without any additional MFA or authorization from the User. 3.2 Check that the received Refund Information Request relate to a valid Payment Consent authorized by the User. 3.3 Check that the Refund Information flag in the Payment Consent has been setincludes the ReadRefundAccount Permission, confirming that the User has provided permission for this payment account details to be provided for the purpose of Refund payments. 3.4 Send the Refund Information Request to the LFI for acquiring the User’s payment account in relation to the Consent ID specified. |
LFIs MUST: 3.5 Allow the OFP to submit the Refund Information Request without any additional MFA or authorization from the User. 3.6 Search their records for the User payment account in relation to the payment Consent ID specified in the Refund Information Request. 3.7 Provide the OFP with the User payment account details in relation to the specified payment Consent ID in response to the Refund Information Request. The format of the User payment account is as per as per https://openfinanceuae.atlassian.net/wiki/spaces/8f0faec0e6b142f9a297da314b668b93/pages/277942495/Common+Rules+and+Guidelines#2.-User-Payment-Account-Selection. | ||
OFP MUST: 3.8 Send an appropriate error response to the TPPs in case the Refund Information Request is rejected due to an invalid payment Consent. 3.9 Provide the TPP with the User payment account in relation to the payment Consent ID used to make the original payment, which has been requested to be refunded. | ||
REFREQ-4 | Refund Information Received | TPPs MUST: Confirm to PSUs using notifications that they have received their payment account information to be used for the purpose of refunds. Note: Using, accessing and storing the User account details is the responsibility of the TPP. TPPs would need to ensure that if required to be stored, these details are stored securely and in line with relevant regulatory obligations. |
...