Yapily Connect PIS UX guidelines
Yapily Guidelines for User Journey Compliance
Introduction
A PIS authorisation is a request to initiate a payment from the PSU's bank. A single PIS (or bulk payment) authorisation generates a consent that can only be used once and only for the payment request(s) specified in the PIS authorisation. For Variable Recurring Payments, a series of payments can be initiated under a single consent (provided those payments fit within the pre-defined set of parameters defined by the PSU).
Below are instructions for what steps you should take to ensure a compliant PSU journey.
Although these are described as “steps”, they do not need to be performed sequentially as long as each element has been appropriately reflected to support a robust consent, provided that a PSU’s consent always has to be obtained prior to redirection to the bank.
Step 1: Introduce PIS journey to the PSU within your application
Introduce the PSU to the journey by creating an intent within your application to permit Yapily Connect to initiate a payment from the PSU’s account at the bank, e.g. a button or menu item with the text "pay by bank" or "new payment".
Step 2: Capture the sending bank
Present the PSU with the option to select which bank they wish to complete a PIS authorisation for. If the PSU has already added an account through the AIS journey and they wish to use this existing account, the bank’s selection process can be bypassed. For example, in cases where a returning PSU has already shared account information previously so their bank account is already linked to your platform, the journey can be shortened. However, the “Important Terms” of Yapily Connect T&Cs and Privacy Notice must be displayed prior to / above the “Allow” button (or equivalent).
Step 3: Display the payment request summary (if supported)
You should populate the minimum required fields (below) for the PSU.
Everything inside the following “Consent screen” box below must be displayed to PSUs to ensure they give an explicit, unambiguous consent and make an informed decision. Please replace the text in [brackets] with your product's information. Upon separate approval of Yapily Connect’s Compliance Team, you are allowed to make slight changes to how information is presented.
“Yapily Connect Terms & Conditions and Privacy Notice” must link through to Yapily’s Connect’s then current End User terms and Privacy Notice. The button to click for confirmation has to be named “Confirm” or “Allow” and it should be presented alongside an equally prevalent “Cancel” or “Leave” button. This should appear beneath / at the end of the information displayed.
Single PIS payments
Consent screen
We have partnered with Yapily Connect to securely initiate payment from your account at [bank]. Payment Total [amount of payment, currency] Payee Details Payee Name: [Payee Account Name] Payee Account Identification: Account number and Sort code or additionally roll number or full IBAN] [optional] Payment Reference: [Payment Reference] By using the service, you agree to Yapily Connect initiating this payment and its Terms & Conditions and Privacy Notice. [Insert links] “Confirm” “Cancel” [Insert buttons] |
---|
Bulk payments
Consent screen
We have partnered with Yapily Connect to securely initiate bulk payment from your account at [bank]. For each payment individually Payment Reference: [reference number] Amount: [amount of payment, currency] Beneficiary: [name, surname / legal company name] Date to send: [dd/mm/yyyy] By using the service, you agree to Yapily Connect setting up payment and its Terms & Conditions and Privacy Notice. [Insert links] “Confirm” “Cancel” [Insert buttons] |
---|
Variable Recurring Payments (Sweeping)
PSUs can either specify consent parameters or they can be pre-populated (provided the PSU can amend them).
Consent screen
We have partnered with Yapily Connect to set up a Variable Recurring Payment (VRP) consent to make transfers between your accounts. We will securely transfer you to your [bank] to authenticate and set up VRPs within the payment rules below: VRP Consent Parameters Max per [time window (Day/Week/Fortnight/MonthHalf Year/Year)]: [amount, currency (GBP for UK implementations)] Max per Payment: [amount, currency (GBP for UK implementations)] To: [Payee Account Name] Account Identification Details: [account number and sort code OR additionally roll number OR full IBAN] [bank] From: Option A (enabling PSUs to enter the details) Account Identification Details: [Account number and sort code - with additional roll number if required, IBAN, PAN, Paym and other formats] Option B (enabling PSUs to select the details, assuming they have been saved previously) Option C (enabling PSUs to select their bank in order to select their payment account from there later on in the journey) Yapily Connect can make payments until [dd/mm/yyyy]. (applicable only if an expiry date is provided on the consent) By using the service, you agree to Yapily Connect initiating payments within the above parameters and its Terms & Conditions and Privacy Notice. [Insert links] You can revoke your consent here or via your banking application. “Confirm” “Cancel” [Insert buttons] |
---|
Step 4: PSU authenticates with the bank
The PSU is redirected to their bank (through the browser or the corresponding online banking mobile app) - neither you nor Yapily Connect control this part of the flow. The PSU is asked by their bank to login using the same credentials as their online banking which can be any combination of SCA e.g. fingerprint scanning, face ID, temporary codes or secure passwords/pass-phrases.
Step 5: PSU selects an account
The bank will request the PSU to select an account if the payer is not specified. If the payer account is specified, the PSU will typically be taken directly to Step 6.
Step 6: PSU redirected back to Yapily Connect
Now that the PSU has been authenticated by their bank, they will be prompted to authorise Yapily Connect’s consent request. Once the consent has been given (or declined), the bank session will automatically close and the PSU will be redirected to Yapily’s redirect URL.
Step 7: Display payment confirmation
After the initiation of the payment order, you must provide or make available to the PSU and, where applicable, to the payee:
confirmation of the successful initiation of the payment order with the PSU’s bank; a reference enabling the PSU and the payee, to identify the payment transaction and, where appropriate, to enable the payee to identify the PSU, and any other information transferred with the payment order; the amount of the payment transaction.
You must also provide or make available the reference for the payment transaction to the PSU’s bank.
Step 8: Allow revoking of consent
PSUs cannot revoke payment orders given for single immediate payments (including bulk payments) with the PISP after they have given their consent to the PISP to initiate the payment transaction.
Once the payment has been initiated, the PSU would need to contact their bank to make changes to it. Cancellation of these payments must be consistent with available capabilities on their bank's existing online platform, as well as meeting the requirements of the PSRs relating to revocation of payment orders.
In terms of VRPs, you must provide PSUs with a facility to view and revoke VRP consent(s) as per the Variable Recurring Payments Consent Screen.