1. Description
This bank service request enables original payees (or their TPPs ) to refund a payer (i.e. User), where the original payee is a merchant receiving payments for purchase of goods/services. The functionality relates to refunds of Open Finance TPP initiated payments, which are required as a result of the merchants' commercial relationship with the customer (i.e. User). Refunds are to be fulfilled via Open Finance, and a refund payment would require the submission of a refund payment request via the merchant's TPP to the merchant's LFI, to facilitate the refund back to the payer (i.e. User) of the original transaction.
The Refund bank service request deals purely with TPP related refunds based on the merchant - customer commercial relationship and does not cover refunds for unauthorized, defective, late or non-executed payment transactions. Moreover, the Refund service request provides the applicable functionality to enable a payer (i.e. User) to receive a refund amount (full or partial) when both payer and a payee (merchant) have agreed the refund and no dispute exists between them.
The Refund scope is targeted to domestic payee accounts (i.e. payee accounts offered by LFIs located in UAE) and payments in local currency as used by the local payment systems infrastructure for domestic payments.
This user journey requires a Single Use Consent of type Single Refund Consent.
1.1 Payer and Payee Segments
The scope of the Refund bank service initiation related to the segments of payers and payees is shown below:
Payer (Merchant) | Payee (Customer) | ||||
|---|---|---|---|---|---|
Consumers | SME | Corporates | Consumers | SME | Corporates |
|
|
|
|
|
|
1.2 Refund - Example User Story
User Story
As a User (Business or Corporate),
I want to be able to initiate a partial or full refund of payment received via an Open Finance,
so that I can fulfil the requirement to refund customers in case of returns and undisputed complaints for goods or services.
2. User Journey
2.1 Journey Summary
The User buys goods or services from the merchant. Within the agreed period of time and under the terms & conditions, the User requests a refund for goods or services previously purchased. Both agree to a refund and no dispute exists between them (refund as BAU process). The merchant’s TPP initiates a refund payment from the merchant's LFI account with the merchant's consent using the original Transaction ID. This is a return payment order to the PASP..
In cases where the PSU selects their account at the ASPSP as shown in the journey Single Domestic Payments – a/c selection @ ASPSP, the PISP may not be able to obtain the PSU’s account details (sort code and account number) from the PSU directly within their consent journey. This could create challenges for the PISP if the PSU requests a refund for the transaction at a later stage. Accordingly, the PISP would need to obtain these details from either from the PSU, the merchant/service provider or the PSU’s ASPSP in order to provide a refund, if requested.
This information gap is solved by modifying the original payment journey Single Domestic Payments – a/c selection @ ASPSP as shown above, which is referred to as Synchronous Refund Information.
During the consent journey, when the PSU provides their explicit consent to the PISP for initiating a payment order; the PSU would simultaneously provide their permission for the PISP to request their account details (for example sort code and account number for domestic payments) from their ASPSP for the purposes of providing a future refund. This consent is included as a flag within the payload which is submitted to the ASPSP as part of the payment initiation request. The ASPSP then returns the payment details to the PISP for each transaction.
3. Wireframes
3.1 Rules & Guidelines
# | Step | Rules & Guidelines |
|---|---|---|
SIP-1 | Single Instant Payment Consent | Basic Consent Parameters TPPs MUST: 1.1 Enable Users to provide and review the parameters related to the SIP they need to consent to. These parameters include:
Note: Depending on the use case, the Payee details may not be displayed to Users in full. However, these still need to be part of the payment Consent request sent by the TPP.
|
Additional Consent Parameters TPPs MUST: 1.2 Set the Accepted Authorization Type (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#7.-Accepted-Authorization-Type). 1.3 Set the Authorization Time Window (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#8.-Authorization-Time-Window) if there are specific timing requirements that must be met for the consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent (Please refer to https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#18.-Multi-User-Authorization-Flow). 1.4 Set the Consent Expiry Date accordingly if the Authorization Time Window is set to more than 1 day. This is to avoid the consent expiring before all necessary authorizations are completed. Otherwise, the default value of the Consent Expiry Date MUST be set to the same day (i..e current day). The Consent Expiry Time MUST always be set to 23:59:59 of the Consent Expiry Date. 1.5 Set the Risk Information Block (as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#9.-Risk-Information-Block) | ||
TPPs MUST: 1.6 Enable Users to provide explicit consent for the initiation of a SIP payment order from their online payment account held at their LFI as per the payment details specified in the payment Consent. | ||
SIP-2 | Consent Staging | |
SIP-3 | Hand-off to LFI | Example wording to use: ‘We will securely transfer to YOUR LFI to authenticate and make the payment“. |
SIP-4 | Authentication | LFI Authentication Only LFIs MUST: 4.1 Enable Users to perform authentication with their LFIs, as per the following sections: 4.2 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if User Authentication has failed or Users opted to cancel the authentication/authorization process. |
Centralized Authentication and Authorization (Federated) Only 4.3 As per https://openfinanceuae.atlassian.net/wiki/x/HoBBAw | ||
SIP-5 | Confirmation/ Authorization | Standard Journey LFIs MUST: 5.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the Single Instant Payment (SIP) Consent. 5.2 Retrieve from the OFP the Single Instant Payment (SIP) Consent details staged by the TPP using the unique Consent Identifier and present to Users all the details included in this. 5.3 Allow Users to select a payment account for the initiation of the Single Instant Payment (SIP), if this was not provided in the retrieved staged payment Consent details, as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#12.-Payment-Account-Selection-at-LFI
5.4 Check the authorization status of the selected payment account is in accordance with the TPPs' Accepted Authorization Type as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#13.-Check-Accepted-Authorization-Type. 5.5 Add to the Single Instant Payment (SIP) Consent the IBAN of the Payee returned by the Proxy resolution process, if the Single Instant Payment (SIP) Consent was submitted for User Authorization using a Proxy as the Payee Identification. The Consent is thereafter tied to the IBAN of the Payee rather than the proxy itself.
5.6 Present to Users the following minimum required information for authorizing the Single Instant Payment (SIP) Consent:
5.7 Request Users to authorize the Single Instant Payment (SIP) Consent, so that a single instant payment can be initiated. 5.8 Provide Users the ability to abort the payment journey, if Users decided to terminate the request. The LFI MUST hand-off the Users back to the TPP, providing the necessary error message to the OFP and reject the Single Instant Payment (SIP) Consent. 5.9 Check the Authorization Time window is valid as per https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft3/pages/70092902/Common+Rules+and+Guidelines#20.-Check-Authorization-Time-Window 5.10 Change the state of the Single Instant Payment (SIP) Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the payment Consent. 5.11 Update the Single Instant Payment (SIP) Consent details stored in the OFP with all the information included in the Single Instant Payment (SIP) Consent authorized by the User. |
LFIs MUST: 5.2.1 Display as minimum the Payment Amount, Currency and the Payee Account Name to make the User aware of these details. These details MUST be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required):
5.2.2 Display the balance of Users payment account (not shown on the user journey) as part of the authentication journey on any of the aforementioned screens (stated in 5.2.1), in the case that Users are redirected to authenticate using an app (thus meeting 1 authentication factoer). Displaying the balance in this instance need not require any additional strong customer authentication. Displaying the balance is other cases is optionaly for LFIs. 5.2.3 Allow the same minimum and maximum payment limits, as they offer in the Standard Journey and their other direct online channels. 5.2.4 Inform Users about their “point of no return” for making the payment and that their payment will be made after authentication occurs. Example wording: ‘Authenticate to make payment”. For recognition based biometrics (e.g. Face ID) which can be more immediate, the biometric authentication should be invoked after a delay or through a call to action to allow the User the ability to view the details of the payment that needs to be authorized. | ||
OFP MUST: 5.12 Confirm back to the LFIs that the Single Instant Payment (SIP) Consent details have been updated successfully. | ||
Multi-Authorization Journey Only | ||
SIP-6 | Payment Initiation | LFIs MUST: 6.1 Trigger the payment initiation process for the payment Consent immediately after the Single Instant Payment (SIP) Consent has been fully authorized by all required authorizers (one or more). 6.2 Additionally apply all existing BAU payment account controls and limits such as single transaction value limit, total transaction value limit, AML checking (if applicable) and others, as if the payment request has been initiated by the existing channels of the LFI. LFIs MUST send an appropriate error response to the OFP in case the payment is rejected due to violating any of these limits. 6.3 Reject the payment initiation if the payment account selected for the payment has insufficient funds. The OFP MUST be notified about this rejection with an appropriate error message. 6.4 Subject to successful BAU checking, validation and payment processing, proceed with the execution of the payment by either submitting the payment to the underlying payment rails or executing internally as Intra-bank payment. 6.5 Provide the OFP with all the available information in relation to the initiated payment instruction including the payment’s unique identifier Payment Transaction ID. The format of the Payment Transaction ID can be found in the UAE Open Finance Standard specifications. 6.6 Ensure that the Payment Reference provided in the Single Instant Payment (SIP) Consent is made available to the Beneficiary’s account information in the case of Intra-bank payments within the same LFI. |
OFP MUST: 6.7 Return back to the TPP in the Single Instant Payment (SIP) Consent response the IBAN of the Payee identification returned by the Proxy resolution, if the Single Instant Payment (SIP) Consent was submitted for User Authorization using a Proxy as the Payee Identification. 6.8 Send an appropriate error response to the TPPs in case the payment is rejected due to violating any of the LFIs BAU payment accounts checks or limits. 6.9 Send to the TPP the appropriate error message in case the payment initiation was rejected by the LFI due to insufficient funds in the selected payment account. 6.10 Provide the TPP with all the available information in relation to the initiated Single Instant Payment (SIP) instruction including the payment’s unique identifier Payment Transaction ID. | ||
SIP-7 | Payment Status Update | |
SIP-8 | Hand-off back to the TPP | |
SIP-9 | Confirmation to User |
|
TPPs MUST: 9.2.1 Display to Users the information received from the LFIs. This information may include:
9.2.2 Display any of the following information regarding initiation and execution of the payment, if received by the LFIs:
| ||
SIP-10 | Payment Notifications |
7.2 Single Refund Payment Consent
This use case requires a https://ksaob.atlassian.net/wiki/spaces/BRS20231101final/pages/348553780/Generic+Business+Rules+for+PIS#A.-Single-Use-Consent. The consent parameters type for this use case is Single Refund Consent, which MUST be used for a batch of single refunds which will be initiated by the PASP immediately after PSU authorization at the PASP.
PISPs MUST:
7.2.1 Enable the merchant to initiate a refund request with the following details:
The refund payment amount (if different than the full amount of the original payment).
The amount of the original payment.
The date of the original payment.
The Transaction ID of the original payment.
Purpose of the Refund Payment (as per https://ksaob.atlassian.net/wiki/spaces/BRS20231101final/pages/348553780/Generic+Business+Rules+for+PIS#4.2.6-Purpose-of-Payment)
The PASP and the IBAN of the payment account to be used for the payment refund.
7.2.2 Check the details provided by the merchant and validate they match their previous records of initiated payments.
7.2.3 Check if any previous Partial Refunds were initiated against the same original transaction and that the cumulative value including the new Partial Refund request does not exceed the value of the original transaction. If it does exceed, then the PISP MUST inform the merchant accordingly and abort the request.
7.2.4 Enable the merchant to review the parameters related to the Refund payment they need to give consent for.
7.2.5 Enable the merchant to provide explicit consent for the initiation of a Refund payment from their online payment account held at their PASP as per the refund payment parameters specified in the consent.
7.2.6 Enable Merchants to initiate Refunds to multiple beneficiaries (original payers) using a single Refund Consent.
7.2.7 Limit the number of Refunds batched together in a single Refund request message to the https://ksaob.atlassian.net/wiki/spaces/BRS20231101final/pages/348554507/PIS+Limits+and+Constants#Max-Refunds-per-Message.
7.2.8 Redirect the merchant to the PASP of the payment account to be used for the refund payment.
7.2.9 NOT initiate a new Single Use Refund Consent with bulk Refunds before all the Refunds in a previous bulk Refund Consent have completed processing and have a conclusive payment status.
7.2.10 NOT initiate any Refunds of a payment date older than the https://ksaob.atlassian.net/wiki/spaces/BRS20231101final/pages/348554507/PIS+Configuration+Parameters#Max-Refunds-Allowable-Time-Window.
7.2.11 Set the Risk Information Block (as per https://ksaob.atlassian.net/wiki/spaces/BRS20231101final/pages/348553780/Generic+Business+Rules+for+PIS#4.2.13-Risk-Information-Blockexcluding the Destination Delivery Address and the Beneficiary Indicators information groups due to being irrelevant)
PASPs MUST:
7.2.12 Follow the Authentication rules as defined in the https://ksaob.atlassian.net/wiki/spaces/BRS20231101final/pages/348553780/Generic+Business+Rules+for+PIS#4.4-Authentication.
7.2.13 Use the information included in the Refund Consent to search records and identify the original transaction.
7.2.14 Check and validate that all the information of the Refund Consent matches the parameters of the original transaction.
7.2.15 Check and validate that all the payment account to be used for the Refund payment specified in the authorized Refund Consent matches the Payment Account used to receive the original payment.
7.2.16 Use the original transaction information to identify the account details of the PSU that initiated the original payment.
7.2.17 Display all the parameters of the Full or Partial Refund payment and request the merchant to authorize the initiation of a new single payment payment as a full or partial refund payment with the original payer PSU as the beneficiary.
7.2.18 Reject the request for initiation of refund and respond with an appropriate message for the following scenarios:
the payment account used for the Refund(s)does not have enough balance for the total amount of all Refund(s) in the request.
the Refund request is made after the stated refund allowable period.
the Refund request is made for a transaction that has already been refunded.
the amount in the refund request exceeds the original transaction amount . The amount must be checked against a cumulative value if there were any previous partial refunds made for that transaction.
there are any issues with the originating account that block any transaction initiation from the that account.
the transaction is declined by the recipient’s PASP
7.2.19 Formulate and send to the payment rails for processing the single payment message using the parameters of the authorized refund payment consent.
7.2.20 Confirm to PISP the successful initiation of the Refund payment.
7.2.21 Provide the PISP with the ability to check the status of the Refund payment as per the Rules in https://ksaob.atlassian.net/wiki/spaces/BRS20231101final/pages/348553780/Generic+Business+Rules+for+PIS#4.8-Payment-Status-Update.
PISPs MUST:
7.2.22 Confirm to the merchant the successful initiation and execution of the Refund payment.