If you are not regulated for payment initiation services under PSD2 in the UK, then your payment journeys require approval by TrueLayer before you can test in production and go live.
Simply create a ticket to reach our Client Operations team, including a copy of your customer’s payment journey, ensuring it covers the UX for giving consent, payment confirmation, the confirmation text or email and revoking consent. Please also provide the links you use such as Terms of Service, Privacy Policy and our FAQs.
You must also display some additional information in your payment journey for VRP. This article sets out what you need to include in your flow.
Before getting into the detail, here are some things to bear in mind.
- All mandatory information is clearly identified by the term must.
- The wording can be added in your choice of formats but must remain clear and visible to your customers.
- Your payment journeys require approval by TrueLayer before you can test in production and go live. Simply create a ticket to reach our Client Operations team, including a copy of your customer’s payment journey, ensuring it covers the end user’s consent and the payment confirmation.
- Your payment journeys must not be changed without TrueLayer’s prior approval. Again, create a ticket to contact us about any changes you make to your payment journey.
- We’d love to work with you to create the best experience for your customers, so don’t hesitate to ask us for assistance if you need it.
VRP Authorisation Journey - Main Steps
There are four steps in the VRP authorisation journey that you should bear in mind when building your journey.
- Payment Method Selection
- Bank Selection
- Payment Consent
- Post-Consent
This guide covers steps 3 and 4, where we have strict requirements you must follow. Steps 1 and 2 are optional and can be adapted to suit your individual requirements.
Payment Consent Requirements
Before creating a payment with their bank, the end user must consent to TrueLayer initiating payment on their behalf.
1. Be clear with the End-User about what payment mandate you’re requesting, and how much they can / should pay
You must let the end-user know the details of the payment mandate you are asking them to authorise. This means you must clearly and explicitly inform them of the following consent parameters, called constraints in the TrueLayer API:
- Maximum amount per time window* and Currency (GBP for UK implementations).
- Maximum amount per payment and Currency (GBP for UK implementations).
- Payee Account Name.
- Payee Account Identification details (e.g. account number and sort code or additionally roll number or full IBAN).
- Expiry Date (Ongoing or a Specific Date).
- Reference
2. Tell the user the account the money is going to
You must let the end-user know the account details of the account the money will be paid to. This includes an account name, sort code and account number.
We advise you to make the Account Name understandable. For example, if you were making a sweeping transaction from a Lloyds account to a Barclays account, we advise you to make the account name “Your Barclays Bank Account”.
3. Tell the user the account the money is coming from
In most situations, you will allow the user to select the account they pay from with their bank. This means you only need the user to select which bank they want to pay with.
In some situations, you may wish to pre-select the account that the user is paying from. This could be because you’ve verified the account previously with an Account Information call, or you’ve collected the user’s bank details previously.
In this case, if you pre-select the account for the end-user, you must tell them which account you’ve selected for them.
4. Be clear about why you are making payments
You must be clear with the end-user as to why the mandate is being set up. We have an obligation to treat customers fairly, and you must tell the user what you are using this mandate to make payments for, and if you go outside that, you must again explain to the end-user why you are making payments.
We would expect this text to be specific to your use case. For example, in the case of paying off a credit card, one might say:
“We need your permission to set up a Variable Recurring Payment in order to pay off your credit card account”
5. Display the Terms & Conditions and Privacy Policy
You must display the Terms & Conditions and Privacy Policy of the regulated entity that is making payments. If that entity is TrueLayer, the Terms & Privacy Policy are ours. If you are regulated in your own right, they are yours.
We suggest you say:
By continuing you are permitting TrueLayer to initiate payments from your bank account on behalf of [CLIENT_NAME]. You also agree to our End User Terms of Service and Privacy Policy.
And link to:
End User Terms of Service: https://truelayer.com/enduser_tos
Privacy Policy: https://truelayer.com/privacy
6. Tell the user they are transitioning to their bank to take an action
This is an optional step that we recommend.
You should say:
“We will securely transfer you to {YOUR ASPSP} to authenticate”
Post-Consent Requirements
After the end-user has authorised a VRP, you must do the following:
1. Welcome the user back to your domain with a screen that confirms their mandate authorisation
You must let the end-user know whether their mandate setup has been successful or unsuccessful when the user returns to your domain.
You must also re-state the mandate parameters which define the payment mandate the PSU (payment service user) has set up. You must include:
- The payment mandate you have requested, and how much they can / should pay (the consent parameters from step 1 of the Payment Consent Requirements)
- The account the money is going to
- The account the money is coming from
2. Send the user an Email or Text Message that confirms their payment instruction
You must send the end-user an email or text message that confirms their payment instructions upon successful mandate setup. This message must re-state the details shown on the explicit consent screen. You must include:
- The payment mandate you have requested, and how much they can / should pay (the consent parameters from step 1 of the Payment Consent Requirements)
- The account the money is going to
- The account the money is coming from
- Why you are making payments
- The Terms & Conditions and Privacy Policy
You must also include TrueLayer’s FAQ on Variable Recurring Payments, linked here: https://truelayer.zendesk.com/hc/en-us/sections/5263390255249-Variable-Recurring-Payments-VRP-End-User-FAQ
And you must make it clear that the user can cancel the mandate with either you or the bank, signposting how to do so.
3. Allow the user to view their mandate details and revoke their VRP mandate in your UI
You must allow the end-user to view and revoke their mandate in your User Interface. This means you should re-state the information included in the Explicit Consent screen.
- Be clear with the End-User about what payment mandate you’re requesting, and how much they can / should pay
- Tell the user the account the money is going to
- Tell the user the account the money is coming from - or let them select it with their bank
- Be clear why you are making payments
- Display the Terms & Conditions and Privacy Policy
- Include the Reference
You should also provide the user with a clear mechanism for revoking their mandate, and inform TrueLayer when the user requests their mandate be revoked.
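The consent parameters from step 1 of the Payment Consent Requirements must be shown identically on the consent screen, on the post-consent confirmation screen, in the confirmation email or text, and in the mandate view, so one renderer can serve all four. The following is an added example, not TrueLayer's own code: it assembles those lines from a mandate object and refuses to render if any mandatory element is absent. The mandate field names (constraints, periodic_limits, maximum_individual_amount, valid_to, beneficiary, remitter, purpose) and the sample values are assumptions, not taken from this article.

```javascript
// Added example, not TrueLayer's code; the mandate field names are assumptions.
const MINOR_UNITS = { GBP: 100 };              // amounts are held in minor units (pence)
// Returns "GBP 12.34", or null when the amount or currency is unusable.
function formatAmount(minor, currency) {
  const scale = MINOR_UNITS[currency];
  if (!Number.isInteger(minor) || minor <= 0 || !scale) return null;
  return `${currency} ${(minor / scale).toFixed(2)}`;
}
// UK account identification (sort code + account number); null if malformed.
function formatAccount(account) {
  if (!account || !/^\d{6}$/.test(account.sort_code) || !/^\d{8}$/.test(account.account_number)) return null;
  return `sort code ${account.sort_code.replace(/(\d{2})(?=\d)/g, "$1-")}, account number ${account.account_number}`;
}
// Builds the consent lines; throws rather than showing an incomplete screen.
function buildConsentLines(mandate, clientName) {
  const c = mandate.constraints || {};
  const limits = c.periodic_limits || {};
  const period = Object.keys(limits)[0];       // e.g. "month"
  const perWindow = period ? formatAmount(limits[period].maximum_amount, mandate.currency) : null;
  const perPayment = formatAmount(c.maximum_individual_amount, mandate.currency);
  const payeeName = mandate.beneficiary && mandate.beneficiary.account_holder_name;
  const payeeId = mandate.beneficiary && formatAccount(mandate.beneficiary.account);
  // A pre-selected source account (step 3) must be shown; otherwise the bank asks.
  const source = mandate.remitter ? formatAccount(mandate.remitter.account) : "an account you choose at your bank";
  const required = {
    "maximum amount per time window": perWindow, "maximum amount per payment": perPayment,
    "payee account name": payeeName, "payee account identification": payeeId,
    "source account": source, "reference": mandate.reference,
    "purpose of payments": mandate.purpose,    // hypothetical field for step 4
  };
  const missing = Object.keys(required).filter((k) => !required[k]);
  if (missing.length) throw new Error(`consent screen incomplete: ${missing.join(", ")}`);
  return [
    `Maximum per ${period}: ${perWindow}`,
    `Maximum per payment: ${perPayment}`,
    `Paying to: ${payeeName} (${payeeId})`,
    `Paying from: ${source}`,
    `Expires: ${c.valid_to ? c.valid_to.slice(0, 10) : "Ongoing, until you cancel"}`,
    `Reference: ${mandate.reference}`,
    `Why: ${mandate.purpose}`,
    `By continuing you are permitting TrueLayer to initiate payments from your bank account on behalf of ${clientName}. ` +
      "You also agree to the End User Terms of Service (https://truelayer.com/enduser_tos) and Privacy Policy (https://truelayer.com/privacy).",
  ];
}
const SAMPLE_MANDATE = {                       // constructed sample, not real data
  currency: "GBP", reference: "CARD-4321", purpose: "to pay off your credit card account",
  beneficiary: { account_holder_name: "Your Barclays Bank Account", account: { sort_code: "123456", account_number: "12345678" } },
  constraints: { maximum_individual_amount: 5000, periodic_limits: { month: { maximum_amount: 20000 } } },
};
console.log(buildConsentLines(SAMPLE_MANDATE, "[CLIENT_NAME]").join("\n"));
```

Because the same function produces the confirmation message and the mandate view, the three re-statements cannot drift apart from what the user actually consented to.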