Rework OTP fallback flow of AIS signature
Previous behaviour: if OTP fallback is authorized on the creditor, when the signer clicks “cancel” on the AIS pages, he is redirected to step 1 of the signature, where he can manually enter his IBAN. The manually entered IBAN was not checked, so the signer was able to “skip” the authentication on his bank portal and enter any IBAN in the fallback process.
New behaviour:
- The IBAN manually entered in the fallback flow is checked to determine whether it is part of the reach.
- A new option is available in the init-session to force AIS signature if the manually entered IBAN is part of the reach.
Impacts:
- New field “forceSCA” in init-session - see swagger here.
- If forceSCA = true in the init-session and the signer has an IBAN in the reach, he will be redirected to the AIS pages after step 1 of the fallback flow.
- If forceSCA = false in the init-session and the signer has an IBAN in the reach, he will be redirected to step 2 of the signature with OTP. The mandate will be flagged on the creditor side to warn that AIS could have been used for the signature. See SPS Release Note 23.4.
- If the signer's IBAN is not in the reach, there is no impact: he will perform an OTP signature.
To benefit from AIS signature or to get more information about fallback flow management, please contact the SPS Support team for a demo.