CEG Certificate: Example Bank 2019
Customer Experience Guidelines
CEG Checklist Ref. | Topic | Checklist Question | Notes | Screenshot / video expected | Evidence description (to match the document attached) | Completed (with correct answer from Column "Notes") | Elements not completed | Mitigation | Impact | Timeframe for resolution |
---|---|---|---|---|---|---|---|---|---|---|
1. | Authentication | Is your Open Banking authentication journey equivalent to the journey experienced by a PSU when authenticating directly within your existing online channel(s) (e.g. browser and app)? | Answer must be "Yes" | Yes (comparison) | ||||||
2. | At any point during the Open Banking customer journey, do you ask the PSU for consent for the TPP to access account information or initiate a payment? | Answer must be "No" | Yes (by absence) | |||||||
5a. | Do you support app-to-app redirection? | Answer must be "Yes" | Yes | |||||||
7. | Error codes | Do you provide error codes to the TPP as per the error codes specified in the Read/Write Data API Specification v3.1 for failed requests? | Answer must be "Yes" | No | ||||||
10. | Access dashboards | Do you make available an access dashboard which allows PSUs to view TPP access which has been previously granted (as per Section 3.1.4 of the Customer Experience Guidelines)?] | Answer must be "Yes" | Yes | ||||||
11. | Complaints | Do you provide an easy way for the PSU to understand the complaints and dispute resolution process? | Answer must be "Yes" | Yes (show link/explanation) | ||||||
13a. | Data clusters (AIS) | Do you use the OBIE language shown under the Customer Experience Guidelines Section 3.2.3 to describe the data clusters when communicating with the PSU? | Answer must be "Yes" | Yes | ||||||
14. | Functionality (AIS) | Do you provide access to all account information made available to the PSU through your existing online channel(s), irrespective of the channel through which the TPP is presenting their service to the PSU? | Answer must be "Yes" | No | ||||||
15. | Do you apply the same access control rules to joint and multi-signatory accounts when accessed through a TPP as are applied when these accounts are accessed directly by the PSU? | Answer must be "Yes" | No | |||||||
17. | Authenticating to refresh access (AIS) | When a PSU is authenticating to refresh AISP access without making any changes to the original consent request, does your journey include any steps or screens other than those required for authentication of the PSU, for example, re-selection of the account(s) to which access was originally granted? | Answer must be "No" | Yes (by absence) | ||||||
19. | Functionality (PIS) | For payments that do not require the display of supplementary information (as defined in the Customer Experience Guidelines 4.1.2) does your journey involve any further steps (as defined in the Customer Experience Guidelines 4.1.1) or screens following authentication? | Answer must be "No" | Yes (by absence) | ||||||
20. | Do you provide supplementary information where it is required, in an equivalent way, to direct interactions with PSUs? | Answer must be "Yes" | Yes (comparison) | |||||||
21. | Can a PSU using a PISP utilise all PIS functionality offered by the ASPSP to the PSU in their online channel, irrespective of the channel or method used for authentication? | Answer must be "Yes" | No | |||||||
23. | In cases where the payment instruction is incomplete because the account details have not been provided by the PSU to the PISP, do you allow the PSU to select the account from which they wish to make the payment? | Answer must be "Yes" | Yes | |||||||
25. | Status of payment (PIS) | Do you provide or make available all information regarding initiation and execution of the payment to the PISP immediately after receipt of the payment order? | Answer must be "Yes" | No | ||||||
28. | Display of payment details (PIS) | Do you make the PSU aware of the amount/currency/payee as part of the authentication journey? | Answer must be "Yes", unless an SCA exemption is being applied | Yes | ||||||
29a. | Confirmation of funds ("yes/no" response) (PIS) | Do you provide immediate confirmation of whether or not there are funds available at the PISP’s request, in a ‘yes or no’ format? | Answer must be "Yes" [note - not required for March, agree date with Trustee] | No | ||||||
29b. | If you cannot perform a funds check then do you provide PISPs the necessary data to allow them to make their own judgements on the sufficient availability of funds? | Answer must be "Yes" | No | |||||||
31. | Explicit consent (CBPII) | Do you, prior to receiving the first request from each CBPII, obtain explicit consent from the PSU to provide confirmation of funds in response to CBPII requests (as shown under the Customer Experience Guidelines Section 5)? | Answer must be "Yes" | Yes | ||||||
34. | Confirmation of funds ("yes/no" response) (CBPII) | Do you provide immediate confirmation of funds in the form of a ‘yes’ or ‘no’ answer to a CBPII request where the payment account is accessible online? | Answer must be "Yes" | No |
Video evidence
AISP Auth | Video | Status | Issues | Mitigation | Planned Fix Date |
---|---|---|---|---|---|
Web | View | CERTIFIED | n/a | n/a | n/a |
iOS | View | FAIL | Lorem ipsum dolor sit amet | n/a | |
Android | View | PARTIAL | Lorem ipsum dolor sit amet | Lorem ipsum dolor sit amet | |
AISP Re-auth | Video | Status | Issues | Mitigation | |
Web | |||||
iOS | |||||
Android | |||||
PISP Auth (no a/c selection) | Video | Status | Issues | Mitigation | |
Web | |||||
iOS | |||||
Android | |||||
PISP Auth (a/c selection) | Video | Status | Issues | Mitigation | |
Web | |||||
iOS | |||||
Android | |||||
PISP Auth (supplementary info) | Video | Status | Issues | Mitigation | |
Web | |||||
iOS | |||||
Android | |||||
CBPII Auth | Video | Status | Issues | Mitigation | |
Web | |||||
iOS | |||||
Android | |||||
Decoupled | Video | Status | Issues | Mitigation | |
Model A | |||||
Model B | |||||
Model C | |||||
Model D |
© Open Banking Limited 2019 | https://www.openbanking.org.uk/open-licence | https://www.openbanking.org.uk