As a bank, we want our account holders to know exactly which authorizations they have issued for every party. To that end, the consent flow from third-party apps is arranged like this: the client is led from the app to our bank environment. There, clients can see what the app wants to access: from debit and credit overviews to the full transaction history. They can then decide whether or not to approve the authorization. They can also withdraw the authorization at any time in the bank environment. That way, clients can keep a grip on their personal data.
We naturally try to keep the consent flow as short and as user-friendly as possible. But clients should be absolutely certain what they authorize an app to do. So we shorten the process wherever possible, for example by removing the welcome screen with general information. Clients also initially had to sign in with their bank card and reader twice, but now they only have to sign in once. We believe that the flow should also run as smoothly as possible, because Banking as a Service is the future, and we want third parties to be able to provide the best possible service to our clients.
In flow with third parties
We also use feedback from third parties to constantly improve the flow. For example, we are now working on the option to make authorizations more dynamic. Clients will be able to easily add an authorization for a new account, without having to renew all of the other authorizations. New APIs will also make it possible to keep authorizations valid for longer than 90 days, so that clients won’t have to constantly renew their authorizations.
Finally, we are also constantly improving authorizations for business APIs, such as bookkeeping programs. This improvement will enable business clients to view and revoke authorizations via the bank app. That’s convenient in a business context, because there are often multiple users who frequently alternate. In so doing, we’re not only making consent more user-friendly for clients; we’re also making our OAuth more attractive for third parties.