[Openid-specs-fapi] Strong MERCHANT Authentication

Joseph Heenan joseph at authlete.com
Mon Apr 13 13:52:56 UTC 2020

> On 12 Apr 2020, at 07:21, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> How is FAPI going to handle VRP?

That’s essentially out of scope - but the alternate question of “How do you do VRP with FAPI” the answer is that you obtain authorization from the user for VRP (exactly the same as you would for a single payment, other than showing a differing consent request to the user), resulting in an access token (and optional refresh token) that allows long term access to a payment API that could be used to transfer money from a particular set of bank accounts.

VRP in the UK OpenBanking ecosystem has to solve two problems:

1) the non-technical issue that the banks don’t want to do it (except potentially under a commercial contract)

2) the technically “relatively" straight forward exercise of designing a standardised consent model and API


More information about the Openid-specs-fapi mailing list