What are the Account Information (AISP) journeys identified by the UK's Open Banking Implementation Entity (OBIE)?
The UK's Open Banking Implementation Entity (<a href="/glossarycollection/open-banking-implementation-entity" style="color:#48277C;" target="_blank" title="Open Banking Implementation Entity"><u>OBIE</u></a>) identifies the following Account Information Service Provider (<a href="/glossarycollection/account-information-service-provider" style="color:#48277C;" target="_blank" title="Account Information Service Provider"><u>AISP</u></a>) journeys:<br/><br/>
"The Open Banking Read/Write Application Programming Interface (<a href="/glossarycollection/application-programming-interface" style="color:#48277C;" target="_blank" title="Application Programming Interface"><u>API</u></a>) specifications support Account Information Services (<a href="/glossarycollection/account-information-service" style="color:#48277C;" target="_blank" title="Account Information Service"><u>AIS</u></a>). They enable an AISP to access account information from online payment accounts held at an Account Servicing Payment Services Provider (<a href="/glossarycollection/account-servicing-payment-service-provider" style="color:#48277C;" target="_blank" title="Account Servicing Payment Services Provider"><u>ASPSP</u></a>) in order to provide account information services to a Payment Service User (<a href="/glossarycollection/payment-service-user" style="color:#48277C;" target="_blank" title="Payment Service User"><u>PSU</u></a>) provided they have obtained the PSU’s explicit consent.<br/><br/>
.... [redacted] ....<br/><br/>
The key components are:<br/><br/>
- Account Information Consent – PSU giving consent to an AISP to request account information from their ASPSP<br/><br/>
- Refreshing AISP Access – PSU authenticating at their ASPSP to refresh on-going access they've previously consented to<br/><br/>
- Consent Dashboard and Revocation – AISP facility to enable a PSU to view and revoke consents given to that AISP<br/><br/>
- Access Dashboard and Revocation – ASPSP facility to enable a PSU to view all AISPs that have access to their account(s) and the ability to revoke that access. This must be available on all channels that a PSU could access via the ASPSP directly, and be easy and intuitive for PSUs to find and use. This facility should not include unnecessary steps, superfluous information or language which could discourage the use of third-party services or divert the PSU from the access management process.<br/><br/>
- Generic guidance around the effective use of re-direction screens (when the PSU is transferred to and from the ASPSP domain) is included in section 'Effective Use of Redirection Screens.<br/><br/>
- Access Status Notifications by ASPSPs – Notifications by ASPSPs to inform AISPs about access revocation and other access status changes related to the PSUs account(s).<br/><br/>
- AIS access for PSUs from Corporate Entities – PSU acting with delegated user authority on behalf of a corporate entity, may only be able to use AISP services if this is permitted within the parameters of that delegated user authority.<br/><br/>
Note: this section does not include guidance around scenarios when more than one TPP is involved in the delivery of a service – sometimes referred to as “Onward Provisioning”. This subject will be addressed as part of the on-going OBIE evaluations of Electronic Identification Authentication and Trust Services (<a href="/glossarycollection/electronic-identification%2C-authentication-and-trust-services." style="color:#48277C;" target="_blank" title="Electronic Identification Authentication and Trust Services"><u>EIDAS</u></a>) and Consent/Access Dashboards.