[Openid-specs-fapi] VRP. Re: Strong MERCHANT Authentication

Anders Rundgren anders.rundgren.net at gmail.com
Mon Apr 13 14:47:05 UTC 2020


On 2020-04-13 15:52, Joseph Heenan wrote:
> 
> 
>> On 12 Apr 2020, at 07:21, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
>>
>> How is FAPI going to handle VRP?
> 
> That’s essentially out of scope - but the alternate question of “How do you do VRP with FAPI” the answer is that you obtain authorization from the user for VRP (exactly the same as you would for a single payment, other than showing a differing consent request to the user), resulting in an access token (and optional refresh token) that allows long term access to a payment API that could be used to transfer money from a particular set of bank accounts.
> 
> VRP in the UK OpenBanking ecosystem has to solve two problems:
> 
> 1) the non-technical issue that the banks don’t want to do it (except potentially under a commercial contract)

That's strange, similar schemes are in heavy use since ages back, albeit using other "APIs".

> 
> 2) the technically “relatively" straight forward exercise of designing a standardised consent model and API

Right, I also found this relativity :-)

Anders

> 
> Joseph
> 



More information about the Openid-specs-fapi mailing list