FWIW, the Open Banking Implementation Entity (OBIE) in the UK have in various forums indicated that they do not believe in the PISP model as originally envisioned since that would give banks too much control over both processes and the UI.
What they assume will be their model, is that the user performs a one-time consent to a PSP. After that, the user is only authorizing payments to the PSP through software and methods provided by the PSP. The one-time consent is subsequently used by the PSP for performing the actual payment in the user's bank.
This model (aka decoupled) also permits PSPs introducing new processes like reoccurring payments without that being supported by the bank.
It is rather obvious that Amazon's famous one-click checkout wouldn't work if banks insisted on authenticating users during payments.
FWIW, the Open Banking Implementation Entity (OBIE) in the UK have in various forums indicated that they do not believe in the PISP model as originally envisioned since that would give banks too much control over both processes and the UI.
What they assume will be their model, is that the user performs a one-time consent to a PSP. After that, the user is only authorizing payments to the PSP through software and methods provided by the PSP. The one-time consent is subsequently used by the PSP for performing the actual payment in the user's bank.
This model (aka decoupled) also permits PSPs introducing new processes like reoccurring payments without that being supported by the bank.
It is rather obvious that Amazon's famous one-click checkout wouldn't work if banks insisted on authenticating users during payments.
This has major implications on the flow.