
Problem statement

There are a significant number of PSUs in the UK who only ever bank on a mobile app. These users fall into one of two categories:

...

The API specifications are silent on how these PSUs should be catered for, as this is in the competitive space for TPPs and ASPSPs to implement a seamless user experience.

Scenarios

When using a service powered by Open Banking APIs, the PSU will be re-directed twice:

...

NOTE: In the case where the TPP provides a service for a merchant or 4th party who uses a mobile app, it is entirely in the competitive space as to how the TPP manages redirections back to this merchant/4th party mobile app. The merchant/4th party should follow the implementation notes below.

Implications

OBIE do NOT believe there are any customer groups who would not be able to access Open Banking.

...

It is possible that some ASPSPs may not implement deep links. In this case, if their PSUs experience scenarios 3, 4 or 5, they will be prompted to authenticate via their web browser. To prevent this poor user experience, ASPSPs should implement deep links and/or out-of-band communications so as to be compliant with the CMA Order and not to discriminate against PSUs who only use their mobile app for banking.

Implementation of deep links

The requirement is to create a seamless journey for the PSU which bypasses the built-in browser (e.g. Safari) on their mobile device. This can be done for any URL, i.e. for BOTH a) the initial redirect URL on the ASPSP's servers, to which the TPP sends the PSU, AND b) the redirect URL to which the ASPSP sends the PSU back after authentication/authorisation.

...

Examples

There are many examples in use where redirects to mobile apps are supported. Two specific examples are:

Example 1

If a user installs the Medium app and clicks on any link in an email from Medium on their mobile, they are taken directly to the content within the Medium app.

[Screenshots: Email, Medium App]

Example 2

Using the Monzo app to log in. The user is redirected from the Monzo app to a password reset email in their default email client app. The user is then redirected back to the login screen of the Monzo app and automatically logged in.

[Screenshots: Monzo App, Email, Monzo App]

Next steps

The API specifications should remain as is.

...

Recommendations

ASPSPs should also ensure that PSUs who only ever bank via a mobile app do have a route to authenticate and authorise if they start the consent journey on a non-mobile device.

In order to provide the best possible user experience, developers from ASPSPs and TPPs should implement deep linking.