Versions Compared

Version Old Version 21 New Version 22
Changes made by

CBB Admin

CBB Admin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel1
stylenone

1.  Introduction 

Open Banking API specifications support Payment Initiation Services (PIS) that enable a PISP to initiate a payment order, with the PSU's explicit consent, from their online payment account held at their ASPSP. The PISP is then further able to retrieve the status of a payment order. This section describes how each of the Participants (PISPs and ASPSPs) in the delivery of these services can optimise the customer experience for these services. Furthermore, it provides clarifications to participants on the usage of the APIs, and best practice guidelines for implementation of the customer journeys. We have illustrated three variations for the single domestic payment use case. These variations are applicable to the other payment use cases as well. 

Please note that ASPSPs do not need to support the initiation of certain payment methods described in this section by a PISP, where the ASPSP does not support such transactions through their own channels (such as international transactions and bulk payment files).

End to End User flow:

 

...

2.  CX Guidelines

2.1 Single Domestic Payments – A/C Selection @PISP

2.1.1 User Journey

PSUs can initiate, by providing their consent to PISPs, an instruction to their ASPSPs to make a onetime payment for a specific amount to a specific payee where all information for a complete payment order (including the PSUs’ account details) is passed from PISPs to ASPSPs. Once PSUs have been authenticated in ASPSPs domain, PSUs must be directed back to the PISP domain.

...

2.1.2 Customer Experience Checklist and CX Considerations 

...

S.No.

...

Requirements and Considerations

...

 Participant

...

Implementation Requirements

...

1

...

Minimum Set of Parameters

PISPs must either allow PSUs to specify the below minimum set of parameters or pre-populate them for the PSUs:

  • Payment Amount and Currency (BHD for Bahrain implementations)

  • Payee Account Name

  • Payee Account Identification details (e.g. account number and full IBAN )

  • Payment Reference

...

PISP

...

Required

...

2

...

PSU payment Account Selection

PISPs must provide PSUs at least one of the following options:

  • Enter their Payer's payment Account Identification details

  • Select their Account Identification details (this assumes they have been saved previously)

...

PISP

...

Required

...

3

PSU Consent to PISP

PISPs must request for the PSUs' consent to the payment in a clear and specific manner. PISPs must display the following information in the consent screen:

...

Payment Amount and Currency (BHD for Bahrain implementations)

...

Payee Account Name

...

Payment Reference, if it has been entered by PSUs or prepopulated by PISPs in item #1

PSU payment Account Identification and/or the selected ASPSP (based on item #2 options)

...

Single domestic payment allows the User/Customer to post his/her consent to the PISPs to make a one-time payment for a specific amount to a specific payee immediately, wherein the PISP provides this instruction to the customer’s ASPSPs (banks). This use case details out the customer experience guidelines and technical API specifications that are required to be developed and followed by both ASPSPs (Banks) and PISPs. This use case is applicable to both retail and corporate customers. Depending on few decision points (as explained in the End to End user flow), three variations of the user journey has been mapped and explained in detail in the section below.

Few sample domestic payments may include account to account transfers, loan re-payment, university/exam fee payments, merchant payments (including bill payments for electricity, water, telephone, cab, and ticket), restaurant/hotel payments, E-commerce payment, wallet payments, Invoice and other corporate payments.

This section describes how each of the Participants (PISPs and ASPSPs) involved in the delivery of these services can optimise the customer experience for these services. Furthermore, it provides clarifications to participants on the usage of the APIs, and best practice guidelines for implementation of the customer journeys.

End to End User flow:

 

...


2.  CX Guidelines

2.1 Single Domestic Payments – A/C Selection @PISP

2.1.1 User Journey

User/Customers can initiate, by providing their consent to PISPs, an instruction to their ASPSPs (Banks) to make a onetime payment for a specific amount to a specific payee where all information for a complete payment order (including the User/Customers’ account details) is passed from PISPs to ASPSPs (Banks). Once User/Customers have been authenticated in ASPSPs (Banks) domain, User/Customers must be directed back to the PISP domain.

...

2.1.2 Customer Experience Checklist and CX Considerations 

S.No.

Requirements and Considerations

 Participant

Implementation Requirements

1

Minimum Set of Parameters

PISPs must either allow User/Customers to specify the below minimum set of parameters or pre-populate them for the User/Customers:

  • Payment Amount and Currency (BHD for Bahrain implementations)

  • Payee Account Name

  • Payee Account Identification details (e.g. IBAN)

  • Payment Reference

PISP

Required

2

PSU payment Account Selection

PISPs must provide User/Customers at least one of the following options:

  • Enter their Payer's payment Account Identification details

  • Select their Account Identification details (this assumes they have been saved previously)

PISP

Required

3

PSU Consent to PISP

PISPs must request for the User/Customers' consent to the payment in a clear and specific manner. PISPs must display the following information in the consent screen:

  • Payment Amount and Currency (BHD for Bahrain implementations)

  • Payee Account Name

  • Payment Reference, ifit has been entered by User/Customers or prepopulated by PISPs in item #1

  • User/Customer payment Account Identification

    • Note 1: if User/Customer payment Account identification is selected in item #2, PISPs should mask the PSU User/Customer payment Account details on the consent screen. Otherwise, if the PSU User/Customer payment Account identification has been input by PSUs User/Customers in item #2, PISPs should not mask these details to allow PSUs User/Customers to check and verify correctness

    • Note 2: if PSU User/Customer payment Account identification is provided by PSUs User/Customers in item #2, PISPs could may use this to identify and display the ASPSP (Bank) without having to ask PSUUser/Customer

For Payee Account Identification details (e.g. account number and full IBAN):

  • If this has been provided by PSUs in item #1, then PISPs must also display this in the consent screen to allow PSUs to check and verify correctness

  • If this has been pre-populated by PISPs (e.g. in an e-commerce payment scenario) PISPs could choose whether to display this information or not

CX consideration:

PISPs should provide messaging to inform PSUs that they will be taken to their ASPSPs to complete the payment

Example wording: "You will be securely transferred to YOUR ASPSP to authenticate and make the payment"

PISP

Required

4

CX consideration:

  • Generic PISP to ASPSP redirection screen and message

 SCA Authentication (including dynamic linking) must be the only action required at the ASPSPs (unless supplementary information required, refer to section 1.1.3).

The ASPSP authentication must have no more than the number of steps that the PSU would experience when directly accessing the ASPSP channel

 CX consideration:

  • If SCA as described in this section cannot occur on the same screen as displaying the amount and the payee (e.g. for some biometric authentications methods), then ASPSPs should offer PSUs options to proceed or cancel the payment with "equal prominence”

ASPSP

Required

5

ASPSPs must display as minimum the Payment Amount, Currency and the Payee Account Name to make the PSU aware of these details (unless an SCA exemption is being applied). These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required, refer to section 1.1.3.

CX consideration:

  • ASPSPs should inform PSUs about their “point of no return” for making the payment and that their payment will be made after authentication occurs. Example wording: “Authenticate to make payment”

  • For recognition based biometrics (e.g. Face ID) which can be more immediate the biometric authentication should be invoked after a delay or through a call to action to allow the PSU the ability to view the details

  • ASPSPs could display the balance of PSUs payment account as part of the authentication journey on any of the following screens:

  • ASPSPs’ Authentication screen

    • ASPSP

    User/Customers in item #1, then PISPs must also display this in the consent screen to allow User/Customers to check and verify correctness

  • If this has been pre-populated by PISPs (e.g. in an e-commerce payment scenario) PISPs may choose whether to display this information or not

CX consideration:

  • PISPs should provide messaging to inform PSUs that they will be taken to their ASPSPs (Banks) to complete the payment. Example wording: "You will be securely transferred to YOUR ASPSP (Banks) to authenticate and make the payment"

  • Generic PISP to ASPSP (Bank) redirection screen and message

PISP

Required

4

SCA-Strong Customer Authentication

SCA (including dynamic linking) must be the only action required at the ASPSPs (Banks) (unless supplementary information required). The ASPSP (Bank) authentication must have no more than the number of steps that the User/Customer would experience when directly accessing the ASPSP (Bank) channel.

 CX consideration:

  • If SCA as described in this section cannot occur on the same screen as displaying the amount and the payee (e.g. for some biometric authentications methods), then ASPSPs (Banks) should offer User/Customers options to proceed or cancel the payment with "equal prominence”

ASPSP

Required

5

ASPSP (Bank) displaying transaction summary

ASPSPs (Banks) must display as minimum the Payment Amount, Currency and the Payee Account Name to make the User/Customer aware of these details (unless an SCA exemption is being applied). These details must be displayed as part of the authentication journey on at least one of the following screens without introducing additional confirmation screens (unless supplementary information is required):

  • ASPSPs’ (Banks’) Authentication screen

  • ASPSP (Bank) to PISP redirection screen
    Note: Displaying the balance in this instance need not require any additional strong customer authentication

CX consideration:

  • ASPSPs (Banks) should inform User/Customers about their “point of no return” for making the payment and that their payment will be made after authentication occurs. Example wording: “Authenticate to make payment”

  • Generic ASPSP (Bank) to PISP redirection Screen screen and message

ASPSP

Required

6

PISP Confirmation

If received from ASPSPs, PISPs must display the information received from the ASPSP. This information may include:

  • The unique identifier assigned to the payment instruction by ASPSPs

  • The payment status (and status update date & time) - Confirmation of successful payment initiation

If received by ASPSPs, PISPs must display any of the following information regarding

  • initiation

and execution of the payment:

  • The expected payment execution date & time

  • The expected settlement date & time (i.e. the value date of the payment)

  • The ASPSP (Bank) charges (where applicable) 

    CX consideration:

     

    If PSUs User/Customers provide their payment account identification details (as per item #2 options), the PISP couldmay, with the consent of the PSUUser/Customer, save the account details for future transactions (such as making further payments or initiating refunds back to PSUsUser/Customers) where this is part of the payment initiation service explicitly requested by the PSUUser/Customer. For example, a merchant, upon request from the PSUUser/Customer, may initiate a refund back to the PSUUser/Customer, by instructing the same PISP that initiated the initial PSU User/Customer transaction to use the saved PSU User/Customer payment account identification details as the beneficiary details for the refund. This will be dependent on the same PISP being used by both the PSU User/Customer and the merchant, their specific contractual terms and the existing regulations.

PISP

 

 

Required

 

7

Further Payment Status Update

PISPs must follow up with ASPSPs (Banks) in order to check and update the PSUs User/Customers with the most updated information that can be received by ASPSPs (Banks) in relation to the execution of the payment. For more details on Payment Status, please also refer to section Payment Status.

PISP

Required

2.2 Single Domestic Payments – A/C Selection @ASPSP

2.2.1 User Journey

There are may be cases where the payment order submitted by PISPs to ASPSPs (Banks) is incomplete, such as where PSU User/Customer account selection has not yet occurred. In these scenarios, Open banking guideline considers that SCA only needs to be obtained once, as part of the initial interaction between the ASPSP and PSU(Bank) and User/Customer. The fact that the PSU User/Customer has to then carry out account selection or provide other information does not invalidate the SCA just performed by the ASPSP.

Equally, the display of the account balance by the ASPSP (Bank) as part of the account selection process in the payment initiation journey should not require an additional application of SCA.

...

2.2.2 Customer Experience Checklist and CX Considerations

S. No.

Requirements and Considerations

 Participant

Implementation Requirements

1

Minimum Set of Parameters

PISPs must either allow PSUs User/Customers to specify the below minimum set of parameters or pre-populate them for the PSUsUser/Customers:

  • Payment Amount and Currency (BHD for Bahrain implementations)

  • Payee Account Name

  • Payee Account Identification details (e.g. account number and full IBAN)

  • Payment Reference

 PISP

Required

2

PSU User/Customer payment Bank Selection

PISPs must provide PSUs User/Customers the following options:

  • Select their ASPSP (Bank) in order to select their PSU User/Customer payment Account from there later on in the journey

 PISP

Required

3

PSU User/Customer Consent to PISP

PISPs must request for the PSUsUser/Customers' consent to the payment initiation in a clear and specific manner. PISPs must display the following information in the consent screen:

  • Payment Amount and Currency (BHD for Bahrain implementations)

  • Payee Account Name

  • Payment Reference, if it has been entered by PSUs User/Customers or prepopulated by PISPs in item #1

  • Selected ASPSP (Bank) (based on item #2 options)

For Payee Account Identification details (e.g. account number and full IBAN):

  • If this has been provided by PSUs User/Customers in item #1, then PISPs must also display this in the consent screen to allow PSUs User/Customers to check and verify correctness

  • If this has been pre-populated by PISPs (e.g. in an e-commerce payment scenario) PISPs could may choose whether to display this information or not

CX consideration:

CX consideration:

  • PISPs should provide messaging to inform PSUs User/Customers that they will be taken to their ASPSPs (Banks) to complete the payment. Example wording: "You will be securely transferred to YOUR your ASPSP (Bank) to authenticate and make the payment"

 PISP

Required

4

  • payment"

  • Generic PISP to ASPSP (Bank) redirection screen and message

 PISP

Required

4

SCA-Strong Customer Authentication

ASPSPs (Banks) must apply SCA including dynamic linking, unless an exemption applies. The ASPSP (Bank) authentication must have no more than the number of steps that the PSU User/Customer would experience when directly accessing the ASPSP (Bank) channel.

 ASPSP

 Required

5

PSU User/Customer payment Account Selection

ASPSPs (Banks) must allow PSUs User/Customers to select the payment account to complete the payment order for execution

CX consideration:

  • Once the PSU User/Customer has selected their account, the ASPSPs (Banks) should display the following information to the PSUUser/Customer:

    • Payment Amount and Currency (BHD for Bahrain implementations)

    • Payee Account Name

    • Payment Reference, if it has been entered by PSUs User/Customers or prepopulated by PISPs in item #1

    • The account selected by the PSU User/Customer for payment

    • Payee Account Identification details (e.g. account number and full IBAN)

  • ASPSPs (Banks) should inform PSUs User/Customers about their “point of no return” for making the payment and that their payment will be made after pressing the Proceed button. Example wording: “Press Proceed to make payment"

  • ASPSPs (Banks) must allow PSUs User/Customers to review as a part of the authentication process the information described above in #5. The PSU User/Customer can either proceed with the payment or cancel it, on the same screen, using options with "equal prominence"

  • Generic ASPSP (Bank) to PISP redirection Screen screen and message

 ASPSP

 Required

6

PISP Confirmation   

If received by ASPSPs, PISPs must display the information received from the ASPSP. This information may include:

  • The unique identifier assigned to the payment instruction by ASPSPs

  • The payment status (and status update date & time) - Confirmation of successful payment initiation

If received by ASPSPs, PISPs must display any of the following information regarding initiation and execution of the payment:

  • payment status (and status update date & time) - Confirmation of successful payment initiation

  • The expected payment execution date & time

  • The expected settlement date & time (i.e. the value date of the payment)

  • The ASPSP (Bank) charges (where applicable)

CX consideration:

  • If PSUs User/Customers provide their payment account identification details (as per item #5 options), PISPs could may save the account details for future transactions, where this is part of the payment initiation service explicitly requested by the PSUUser/Customer.

PISP

 

 

Required

 

7

Further Payment Status Update

PISPs must follow up with ASPSPs (Banks) in order to check and update the PSUs User/Customers with the most updated information that can be received by ASPSPs (Banks) in relation to the execution of the payment. For more details on Payment Status, please also refer to section Payment Status.

PISP

Required

 

2.3 Single Domestic Payments – A/C Selection @PISP (Supplementary Information)

...

In some scenarios, an additional step in ASPSPs' ASPSPs’ (Banks’) journeys may be required to display supplementary information to PSUsUser/Customers. ASPSPs (Banks) should determine the situations where this supplementary information is required, having regard to the principle that parity should be maintained between Open Banking journeys and ASPSPs’ (Banks’) online channel journeys, such that if supplementary information is not provided within the ASPSPs' ASPSPs’ (Banks’) online channels directly to PSUsUser/Customers, then it must not be provided during an Open Banking PIS journey. ASPSPs (Banks) should also ensure that this information does not constitute an obstacle or additional check on the consent provided by the PSU User/Customer to the PISP.

...

2.3.2 Customer Experience Checklist and CX Considerations

S. No.

Requirements and Considerations

 Participant

Implementation Requirements

1

Minimum Set of Parameters

PISPs must either allow PSUs User/Customers to specify the below minimum set of parameters or pre-populate them for the PSUsUser/Customers:

  • Payment Amount and Currency (BHD for Bahrain implementations)

  • Payee Account Name

  • Payee Account Identification details (e.g. account number and full IBAN)

  • Payment Reference

PISP

Required

2

PSU User/Customer payment Account Selection

PISPs must provide PSUs User/Customers at least one of the following options:

  • Enter their Payer's payment Account Identification details

  • Select their Account Identification details (this assumes they have been saved previously)

PISP

Required

3

PSU Consent to PISP

PISPs must request for the PSUsUser/Customers' consent to the payment initiation in a clear and specific manner. PISPs must display the following information in the consent screen:

  • Payment Amount and Currency (BHD for Bahrain  implementations)

  • Payee Account Name

  • Payment Reference, if it has been entered by PSUs User/Customers or prepopulated by PISPs in item #1

  • PSU User/Customer payment Account Identification

    • Note 1: if PSU User/Customer payment Account identification is selected in item #2, PISPs should mask the PSU User/Customer payment Account details on the consent screen. Otherwise, if the PSU User/Customer payment Account identification has been input by PSUs User/Customers in item #2, PISPs should not mask these details to allow PSUs User/Customers to check and verify correctness

    • Note Note 2: if PSU User/Customer payment Account identification is provided by PSUs User/Customers in item #2, PISPs could may use this to identify and display the ASPSP (Bank) without having to ask PSUUser/Customer

For Payee Account Identification details (e.g. account number and full IBAN):

  • If this has been provided by PSUs User/Customers in item #1, then PISPs must also display this in the consent screen to allow PSUs User/Customers to check and verify correctness

  • If this has been pre-populated by PISPs (e.g. in an e-commerce payment scenario) PISPs could may choose whether to display this information or not

 

  • not 

CX consideration:

  • PISPs should provide messaging to inform

PSUs

  • User/Customers that they will be taken to their

ASPSPs

  • ASPSPs (Banks) to complete the payment

  • . Example wording: "You will be securely transferred to

YOUR

  • your ASPSP (Bank) to authenticate and make the payment"

PISP

Required

4

CX consideration:

  • Generic PISP to ASPSP (Bank) redirection screen and message

PISP

Required

4

SCA-Strong Customer Authentication

ASPSPs (Banks) must apply SCA including dynamic linking, unless an exemption applies. The ASPSP (Bank) authentication must have no more than the number of steps that the PSU User/Customer would experience when directly accessing the ASPSP (Bank) channel.

ASPSP

Required

5

Additional Supplementary Information

ASPSPs (Banks) must be able to introduce a step as part of the authentication journey to display supplementary information associated with that payment if required. If the supplementary information screen is displayed ASPSPs (Banks) must display as minimum the Payment Amount, Currency and the Payee Account Name to make the PSU User/Customer aware of these details.

CX consideration:

  • ·        ASPSPs (Banks) should display to PSUs User/Customers all the payment instruction information received from PISPs together with the supplementary information. This information may include the following:

    o   Payment Amount and Currency (BHD for Bahrain implementations)

    o   Payee Account Name

    o   Payment Reference, if it has been entered by

    PSUs

    User/Customers or prepopulated by PISPs in item #1

    PSU

    o   User/Customer payment Account Identification

    and/or the selected ASPSP (based on item #2 options)

    o   Payee Account Identification details (e.g.

    account number and full

    IBAN)

    ·        ASPSPs (Banks) should inform PSUs User/Customers about their “point of no return” for making the payment and that their payment will be made after pressing the Proceed button. Example wording: “Press Proceed to make payment"

    ·        ASPSPs (Banks) must allow PSUs User/Customers to review as a part of the authentication process any supplementary Information. The PSU User/Customer can either proceed with the payment or cancel it on the same screen with supplementary information details, using options with "equal prominence“

    Generic ASPSP (Bank) to PISP redirection Screen screen and message

ASPSP

Required

 6

PISP Confirmation

PISPs must display the information received from the ASPSP. This information may include:

  • The unique identifier assigned to the payment instruction by ASPSPs

  • The payment status (and status update date & time) - Confirmation of successful payment initiation

 If received by ASPSPs, PISPs must display any of the following information regarding initiation and execution of the payment:

  • The expected payment execution date & time

  • The expected settlement date & time (i.e. the value date of the payment)

  • The ASPSP charges (where applicable)

 CX consideration:

If PSUs provide their payment account identification details (as per item #2 options), the PISP could, with the consent of the PSU, save the account details for future transactions (such as making further payments or initiating refunds back to PSUs) where this is part of the payment initiation service explicitly requested by the PSU. For example, a merchant, upon request from the PSU, may initiate a refund back to the PSU, by instructing the same PISP that initiated the initial PSU transaction to use the saved PSU payment account identification details as the beneficiary details for the refund. This will be dependent on the same PISP being used by both the PSU and the merchant, their specific contractual terms and the existing regulations

PISP

 

 

Required

 

 

7

Further Payment Status Update

PISPs must follow up with ASPSPs in order to check and update the PSUs with the most updated information that can be received by ASPSPs in relation to the execution of the payment. For more details on Payment Status, please also refer to section Payment Status.

PISP

Required

...