Page Comparison

#

Customer Experience Checklist and Customer Experience Considerations

Participant

Implementation Requirements

1

Consent Selection

AISP must allow user/customer to select the relevant consent for revocation.
AISPs must display the company’s trading name/brand name (i.e. the Client Name) to the user/customer during the setup and revocation of consent. If the AISP is only trading with its registered company name then it must display that name to the user/customer.

If the AISP is not the customer-facing entity and there is an Agent who is acting on behalf of the AISP, then the Agent must make the user/customer aware that they are acting as an agent on behalf of the AISP and must also, display the AISP’s full trading name/brand name or registered company name whichever is the customer-facing brand of the AISP.

CX consideration:

AISP should provide user/customer with multiple selection options to manage/revocate consent.

AISP should offer functionality (e.g. search, sort, filter) to enable a user/customer to search for the relevant consent. This will be of particular benefit as the number of consents for different ASPSPs/ accounts given by a user/customer to AISPs increases.

AISP

Required

2

Consent Details

AISPs must describe the data being shared through each selected consent using the structure and language recommended by BOBF.

The Consent must also describe:

• A description of the account information service that is being provided

• Where the request is for multiple product types, the detail should explain to the customer the product type to which it applies or state that it is shared across multiple product types

• The date when consent was first granted

• The period for which the account information has been requested (e.g. transactions for the last 12 months)

CX consideration:

AISPs should present the data at a Data Cluster level and allow the user/customer to expand the level of detail to show each Data Permission.

AISP

Required

3

The AISP must make the exact consequences of cancelling the consent clear to the user/customer – i.e. they will no longer be able to provide the specific service to the user/customer.

AISP

Required

4

Cancel the permission

The consent dashboard must allow a user/customer to cancel the access they have given consent to. The functions “Cancel Permission” and “back” must be displayed with equal prominence to the user/customer.

Once the user/customer confirms revocation, AISPs must inform the ASPSP (Bank) that the user/customer has withdrawn consent by making a call ‘to PATCH’ the account-access-consent resource as soon as practically possible. This will ensure that no further account information is shared.

ASPSPs must support the revocation process. (This is not visible to the user/customer but will ensure no further account information is provided by the ASPSP (Bank) to the AISP).

AISP

Required

5

AISP Confirmation

AISPs must provide a message to consumers that revocation was successful. This message to be clearly visible on the dashboard and shown as soon as revocation has taken place.

CX consideration:

After the Patch endpoint is called by the AISP to remove the account-access-consent resource, the ASPSPs are advised to inform the user/customer via their own channels (for example via SMS or via a notification on their mobile phone) that the AISP will no longer have access to their account. This is an additional confirmation to the user/customer that the AISP has completed the revocation process correctly.

AISP

Required

6

Post Customer revocation, AISPs must delete the entire customer data from their storage system.

AISP

Required