Overview

According to the Berlin Group Implementation guidelines, there can be different methods for the PSU to carry out its strong authentication. comdirect is supporting the following one(s):

Redirect OAuth2 SCA Approach

The PSU is redirected from the TPP interface to a web browser in order to perform her/his SCA.

Decoupled SCA Approach

The PSU is redirected according to her/his usual/preferred authentication mechanisms. In this approach, the PSU will receive a message from comdirect through the TPP interface inviting her/him to finalize her/his authentication through her/his mobile banking application or any other authentication mechanism offered by comdirect. Additionally, comdirect might use other notification channels to inform the PSU (PUSH notifications on her/his mobile device, email, SMS, phone call…).


Redirect OAuth2 SCA Approach
Description

To carry out its strong authentication on the ASPSP side, the PSU will be redirected from the TPP APP through several pages within the workflow described below.

Login Screen

AIS Signature Screen

Before being redirected to the TPP App, the PSU will access a redirection screen with some context related to the given authorisation. This screen is slightly different for AIS and PIS.

PIS Signature Screen

AIS Redirection Screen

PIS Redirection Screen


Decoupled SCA Approach

  • 1a.) Push notification that there is a new TAN challenge waiting
  • 1b.) TAN challenge cue where PSU jump into after tapping the push notification. The cue is constantly updating.
  • 2.) Once a TAN challenge is tapped, PSU get the details of the order. Swipe „freigeben“ for confirmation.
  • 3.) Order confirmed.