What is the redirection authentication model?
Redirection based authentication has a range of possible experiences for a PSU based on whether the PSU has an ASPSP app or not, and the device on which the PSU is consuming the TPP (AISP/PISP/CBPII) service. The FCA have made clear in their Approach document that PSUs must be able to authenticate using the authentication methods they are accustomed to using via the banking application (‘app’) on a mobile phone if accessing accounts via a TPP. We have used one example of an AISP and PISP journey to demonstrate how redirection flows must work. These apply to variations in AIS/PIS/CBPII journeys related to the order of application of SCA and are covered in sections 5, 6 and 7.