This space is deprecated and no longer supported. Please use the latest available version here.
Single Instant Payment
- Chris Michael
- Alexandros Dimitrakoudis
1. Description
This bank service request enables TPPs to initiate domestic Single Instant Payments (SIPs), with the Users' consent, from the Users' online payment accounts held at the LFI to a business or a personal beneficiary. The SIPs are to be executed immediately. TPPs are then further able to retrieve the status of the submitted payment order.
The SIP scope is targeted to domestic payee accounts (i.e. payee accounts offered by LFIs located in UAE) and payments in local currency as used by the local payment systems infrastructure for domestic payments.
This user journey requires a Single Use Consent of type Single Instant Payment Consent.
1.1 Payer and Payee Segments
The scope of the SIP bank service initiation related to the segments of payers and payees is shown below:
Payer | Payee | ||||
|---|---|---|---|---|---|
Consumers | SME | Corporates | Consumers | SME | Corporates |
1.2 Single Instant Payment (SIP) - Example User Story
User Story
As a User (Consumer, Business or Corporate),
I want to provide my consent to a TPP to use my payment account for initiating a Single Instant Payment of a fixed amount to a domestic beneficiary account owned by a business or an individual,
so that I can pay the relevant beneficiary immediately.
2. User Journey
Users can initiate, by providing their consent to TPPs, a payment order to their LFIs to make a one-off single payment of a specific amount to a specific payee.
2.1 Standard Journey
This is applied in cases where:
a) the payment order submitted by TPPs to LFIs is incomplete, such as where the Users' account selection has not yet occurred. In these scenarios, the UAE Open Finance Standard considers that MFA only needs to be obtained once, as part of the initial interaction between LFIs and the Users. The fact that Users have to then carry out account selection or provide other information does not invalidate the MFA just performed by the LFI. Equally, the display of the account balance by the LFI as part of the account selection process in the payment initiation journey SHOULD not require an additional application of MFA. The application of MFA is a matter for individual LFIs.
b) the payment order submitted by TPPs to LFIs has all the require information for the payment, but, an additional step in the LFIs' journeys may be required to display supplementary information to Users. LFIs MUST determine the situations where this supplementary information is required, under consideration that the principle of maintaining parity between the Open Finance journeys and LFIs' online channel journeys MUST be applied. Thus, if supplementary information is not provided within the LFIs' online channels directly to Users, then it MUST NOT be provided during an Open Finance Service Initiation request journey. LFI’s MUST also ensure that this information does not constitute an obstacle or additional check on the Consent provided by the User to the TPP.
2.2 Fast-track Journey
In cases where all the information for a complete payment order (including the Users’ account details) is passed from TPPs to LFIs, once Users have been authenticated, the payment is initiated and Users MUST be directed back to the TPPs' domains without any further steps taking place in the LFIs' domains.
3. Wireframes
3.1 Standard Journey
3.1.1 Rules & Guidelines
# | Step | Rules & Guidelines |
|---|---|---|
SIP-1 | Single Instant Payment Consent | Basic Consent Parameters TPPs MUST: 1.1 Enable Users to provide and review the parameters related to the SIP they need to consent to. These parameters include:
Note: Depending on the use case, the Payee details may not be displayed to Users in full. However, these still need to be part of the payment Consent request sent by the TPP.
|
| Additional Consent Parameters TPPs MUST: 1.2 Set the Accepted Authorization Type (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#7.-Accepted-Authorization-Type). 1.3 Set the Authorization Time Window (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#8.-Authorization-Time-Window) if there are specific timing requirements that must be met for the consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent (Please refer to https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#18.-Multi-User-Authorization-Flow). 1.4 Set the Consent Expiry Date accordingly if the Authorization Time Window is set to more than 1 day. This is to avoid the consent expiring before all necessary authorizations are completed. Otherwise, the default value of the Consent Expiry Date MUST be set to the same day (i..e current day). The Consent Expiry Time MUST always be set to 23:59:59 of the Consent Expiry Date. 1.5 Set the Risk Information Block (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#9.-Risk-Information-Block) | |
| TPPs MUST: 1.6 Enable Users to provide explicit consent for the initiation of a SIP payment order from their online payment account held at their LFI as per the payment details specified in the payment Consent. | |
SIP-2 | Consent Staging | |
SIP-3 | Hand-off to LFI | Example wording to use: ‘We will securely transfer to YOUR LFI to authenticate and make the payment“. |
SIP-4 | Authentication | LFI Authentication Only LFIs MUST: 4.1 Enable Users to perform authentication with their LFIs, as per the following sections: 4.2 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if User Authentication has failed or Users opted to cancel the authentication/authorization process. |
Centralized Authentication and Authorization (Federated) Only 4.3 As per https://openfinanceuae.atlassian.net/wiki/x/HoBBAw | ||
SIP-5 | Confirmation/ Authorization | LFIs MUST: 5.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the Single Instant Payment (SIP) Consent. 5.2 Retrieve from the OFP the Single Instant Payment (SIP) Consent details staged by the TPP using the unique Consent Identifier and present to Users all the details included in this. 5.3 Allow Users to select a payment account for the initiation of the Single Instant Payment (SIP), if this was not provided in the retrieved staged payment Consent details, as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#12.-Payment-Account-Selection-at-LFI
5.4 Check the authorization status of the selected payment account is in accordance with the TPPs' Accepted Authorization Type as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#13.-Check-Accepted-Authorization-Type. |
5.5 Present to Users the following minimum required information for authorizing the Single Instant Payment (SIP) Consent:
5.6 Request Users to authorize the Single Instant Payment (SIP) Consent, so that a single instant payment can be initiated. 5.7 Provide Users the ability to abort the payment journey, if Users decided to terminate the request. The LFI MUST hand-off the Users back to the TPP, providing the necessary error message to the OFP and reject the Single Instant Payment (SIP) Consent. 5.8 Check the Authorization Time window is valid as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#20.-Check-Authorization-Time-Window 5.9 Change the state of the Single Instant Payment (SIP) Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the payment Consent. 5.10 Update the Single Instant Payment (SIP) Consent details stored in the OFP with all the information included in the Single Instant Payment (SIP) Consent authorized by the User. | ||
OFP MUST: 5.11 Confirm back to the LFIs that the Single Instant Payment (SIP) Consent details have been updated successfully. | ||
Multi-Authorization Journey Only | ||
SIP-6 | Payment Initiation | LFIs MUST: 6.1 Trigger the payment initiation process for the payment Consent immediately after the Single Instant Payment (SIP) Consent has been fully authorized by all required authorizers (one or more). 6.2 Additionally apply all existing BAU payment account controls and limits such as single transaction value limit, total transaction value limit, AML checking (if applicable) and others, as if the payment request has been initiated by the existing channels of the LFI. LFIs MUST send an appropriate error response to the OFP in case the payment is rejected due to violating any of these limits. 6.3 Reject the payment initiation if the payment account selected for the payment has insufficient funds. The OFP MUST be notified about this rejection with an appropriate error message. 6.4 Subject to successful BAU checking, validation and payment processing, proceed with the execution of the payment by either submitting the payment to the underlying payment rails or executing internally as Intra-bank payment. 6.5 Provide the OFP with all the available information in relation to the initiated payment instruction including the payment’s unique identifier Payment Transaction ID. The format of the Payment Transaction ID can be found in the UAE Open Finance Standard specifications. 6.6 Ensure that the Payment Reference provided in the Single Instant Payment (SIP) Consent is made available to the Beneficiary’s account information in the case of Intra-bank payments within the same LFI. |
OFP MUST: 6.7 Send an appropriate error response to the TPPs in case the payment is rejected due to violating any of the LFIs BAU payment accounts checks or limits. 6.8 Send to the TPP the appropriate error message in case the payment initiation was rejected by the LFI due to insufficient funds in the selected payment account. 6.9 Provide the TPP with all the available information in relation to the initiated Single Instant Payment (SIP) instruction including the payment’s unique identifier Payment Transaction ID. | ||
SIP-7 | Payment Status Update | |
SIP-8 | Hand-off back to the TPP | |
SIP-9 | Confirmation to User | |
SIP-10 | Payment Notifications |
3.2 Fast-track Journey
3.2.1 Rules & Guidelines
# | Step | Rules & Guidelines |
|---|---|---|
FTSIP-1 | Single Instant Payment Consent | |
FTSIP-2 | Consent Staging | |
FTSIP-3 | Hand-off to LFI | |
FTSIP-4 | Authentication | |
FTSIP-5 | Confirmation/ Authorization | Fast-track Journey Only LFIs MUST: 5.1 Retrieve from the OFP the Single Instant Payment (SIP) Consent details staged by the TPP using the unique Consent Identifier. 5.2 Display as minimum the Payment Amount, Currency and the Payee Account Name to make the User aware of these details. These details MUST be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required):
5.3 Display the balance of Users payment account (not shown on the user journey) as part of the authentication journey on any of the aforementioned screens (stated in 5.2), in the case that Users are redirected to authenticate using an app (thus meeting 1 authentication factor). Displaying the balance in this instance need not require any additional strong customer authentication. Displaying the balance is other cases is optionaly for LFIs. 5.4 Allow the same minimum and maximum payment limits, as they offer in the Standard Journey and their other direct online channels. 5.5 Inform Users about their “point of no return” for making the payment and that their payment will be made after authentication occurs. Example wording: ‘Authenticate to make payment”. For recognition based biometrics (e.g. Face ID) which can be more immediate, the biometric authentication should be invoked after a delay or through a call to action to allow the User the ability to view the details of the payment that needs to be authorized. 5.6 Inform Users about accepting their T&Cs when proceeding from the “point of no return” for making the payment. 5.7 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to authorize the Single Instant Payment (SIP) Consent. 5.9 Provide Users the ability to abort the payment journey, if Users decided to terminate the request. The LFI MUST hand-off the Users back to the TPP, providing the necessary error message to the OFP and reject the Single Instant Payment (SIP) Consent. |
OFP MUST: 5.10 Check the Authorization Time window is valid as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#20.-Check-Authorization-Time-Window 5.11Change the state of the Single Instant Payment (SIP) Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the payment Consent. 5.12 Update the Single Instant Payment (SIP) Consent details stored in the OFP with all the information included in the Single Instant Payment (SIP) Consent authorized by the User. 5.13 Confirm back to the LFIs that the Single Instant Payment (SIP) Consent details have been updated successfully. | ||
FTSIP-6 | Payment Initiation | |
FTSIP-7 | Payment Status Update | |
FTSIP-8 | Hand-off back to the TPP | |
FTSIP-9 | Confirmation to User | Fast-track Journey Only TPPs MUST: 9.1 Display to Users the information received from the LFIs. This information may include:
9.2 Display any of the following information regarding initiation and execution of the payment, if received by the LFIs:
|
FTSIP-10 | Payment Notifications |
3.3 Using Confirmation of Payee (COP)
The following are example wireframes of the Open Finance user journey when the Confirmation of Payee service is used.
3.3.1 Rules & Guidelines
# | Step | Rules & Guidelines |
|---|---|---|
COP-1 | Single Instant Payment Consent | As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109413626/Single+Instant+Payment#Single-Instant-Payment-Consent , step 1.1 except for:
TPPs MUST: 1.1 Enable Payee Identification using one of the following options:
1.2 Ensure that the format and the validation rules of the Payee Identification details are correct, when Users manually enter the Payee Identification details. If incorrect, TPPs MUST request Users to review and re-enter the information. |
COP-2 | Discovery | TPPs MUST: 2.1 Send a request to the OFP in order to discover the LFI entity of the Payee that will be used to confirm the payee using the COP service and receive the information of how to make a Confirmation of Payee (COP) API call to the Payee’s LFI. The request MUST include on of the following options:
OFP MUST: 2.2 Resolve the request received by the TPP and respond back to the TPP with the information of how to access the COP service on the LFI entity that holds the Payee Account. |
COP-3 | COP Service | TPPs MUST: 3.1 Only use the COP service as part of a Bank Service Initiation journey and MUST NOT use the COP servcie for any non-payment initiation pursposes. 3.2 Request the OFP to perform Confirmation of Payee for the Payee Identification provided by the User for the payment Consent. 3.3 Provide the necessary information to the OFP to execute the Confirmation of Payee service. This informaiton include:
|
OFP MUST: 3.4 Make a Customer Data Request to the Payee’s LFI, specifying the Payee Account in IBAN or domestic account number format. The data permissions the OFP request will include the following:
| ||
|
| PAYEE LFI MUST: 3.5 Receive the Customer Data request from the OFP with the Payee Account in IBAN or domestic account number format for accessing the Account Name (including First Name and Surname or Business Name) information 3.6 Retreive the Account Name (including First Name and Surname or Business Name) information related to the Payee Account identified by the provided IBAN or domestic account and return all the related data in the response messsage.
3.7 Provide Users wiht the option to select to opt-out from the COP service, so that their account information is not shared with the OFP for COP checking.
|
|
| OFP MUST: 3.8 Make a Customer Data Request to the Payee’s LFI, specifying the Payee Account in IBAN or domestic account number format. The data permissions the OFP request will include the following:
3.9 Receive the Customer Data from the Data Request Response of the API endpoint. 3.10 Compare the Account Name information received by the Payee’s LFI with the Payee Identificaiton details included in the Confirmation of Payee Request. The outcome will be as follows:
3.11 Provide to the TPP the appropriate information depending on the outcome of the Confirmation of Payee service as follows:
|
COP-4 | User Payee Name Confirmation | TPPs MUST: 4.1 Display to Users the outcome of the Confirmation of Payee service (Yes/No) next to the Payee Account Name provided by the User. 4.2 Provide Users one of the following alternatives based on the outcome of the CoP service:
|
COP No Return of Data/Error Only OFP MUST: 4.3 Inform the TPPs that the Payee Name cannot be verified due to error in the Confirmation of Payee service. The OFP MUST provide the appropriate error message for the failure. TPPs MUST: 4.4 Inform Users that the Payee Name cannot be verified by the Confirmation of Payee service. 4.5 Inform Users about the risk of proceeding with making the payment without confirming the Payee and advise that they should only proceed with the payment journey at their own risk, if certain that the payment details are correct. 4.6 Provide the ability to Users to either go back to provide new Payee Identifications details (i.e. move to step COP-1) or proceed with the payment confirming its risk. | ||
COP-5 | Single Instant Payment Consent | As per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109413626/Single+Instant+Payment#Single-Instant-Payment-Consent , step1 1.2 to 1.6 |
COP-6 | Consent Staging | |
COP-7 | Hand-off to LFI | |
COP-8 | Authentication | |
COP-9 | Confirmation/ Authorization | |
COP-10 | Payment Initiation | |
COP-11 | Payment Status Update | |
COP-12 | Hand-off back to the TPP | |
COP-13 | Confirmation to User | |
COP-14 | Payment Notifications |
© CBUAE 2024
Open License and Contribution Agreement | Attribution Notice
Please try out our Advanced Search function.