Yapily guidelines for Yapily Connect AIS UX
The information on this page applies to both Yapily Connect Ltd and SafeConnect UAB, except that SafeConnect UAB connections should use the existing SafeConnect branding until migrated. Please refer to SafeConnect resources.
An AIS authorisation is any request to pull a PSU's account information, balance and transaction data, under a consent that can last up to 90 days. For Yapily Connect customers, two distinct variations exist:
- Non-Agent: The data returned is not shown to the end PSU (e.g. to make a loan decision).
- Agent: The data is displayed to the PSU (e.g. in an accounting platform or personal finance management application).
Introduce the PSU to the journey by creating an intent within the TPP application to obtain the user's account information. Depending on your use case (whether you're an agent or non-agent customer), you may or may not wish to be explicit about the request, e.g. "Add account", "Link account".
Present the PSU with the option to select which bank they wish to complete an account information authorisation for (if not already pre-defined, e.g. as per a previously linked account).
Present the request for the user's account information to the PSU prior to the redirect to their bank.
The key Yapily Connect requirement is that the PSU is made aware of who Yapily Connect is, with appropriate logos and legal details, before being redirected to their bank. This helps reassure the PSU when they see Yapily Connect as the consent recipient on their bank screens, explains why it is not the details of the TPP whose service they are using, and provides all of the relevant details should they wish to cancel the consent or understand who Yapily Connect is and what our legal responsibilities are.
Everything inside the following box is required to be displayed to your customers. Please replace the text in [brackets] with your product's information.
The PSU is redirected to their bank (through the browser or the corresponding online banking mobile app), and neither Yapily nor the TPP can control this part of the flow. The PSU is asked to log in using the same credentials as their online banking, which can be any combination of SCA, e.g. fingerprint scanning, face ID, temporary codes or secure passwords/pass-phrases.
If this is a new authorisation request, the bank will ask the user to select all the accounts they want to share. In the event of a re-authorisation (where the TPP requests the user to re-authorise an existing consent), the PSU will typically be taken directly to Step 6.
Now that the PSU is authenticated, they will be prompted to authorise the consent request Yapily Connect is making on behalf of the TPP. Once the consent has been given (or not), the bank session will automatically close and the PSU will be redirected to the redirect URL configured for the application within Yapily.
The TPP confirms that the authorisation request was approved by the user, which will allow them to continue with the desired user journey now that the user's AIS data is accessible.
For TPPs using the Agent model, the data that must be shown to the PSU can be clearly displayed.
The PSU should be given the ability to cancel their consent at any time. This can be an additional page, a profile setting, etc., or even an email address through which the request can be actioned.