From 615e59faa2ece707038a3b6bb05bf77da3fa4121 Mon Sep 17 00:00:00 2001 From: Hemang Rathod Date: Fri, 5 May 2023 13:17:53 +1000 Subject: [PATCH] Standards Maintenance Issue #574: Added new Authorisation CX Standard for additional account selection functionality in the authorisation flow --- slate/source/includes/cx_standards/authorisation.md | 5 +++++ .../source/includes/releasenotes/releasenotes.1.24.0.html.md | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/slate/source/includes/cx_standards/authorisation.md b/slate/source/includes/cx_standards/authorisation.md index 8b1f6527..60252d41 100644 --- a/slate/source/includes/cx_standards/authorisation.md +++ b/slate/source/includes/cx_standards/authorisation.md @@ -1,9 +1,14 @@ ## Authorisation Standards +```diff +Added new Authorisation CX Standard: ++ Authorisation: Account selection functionality +``` |Area|CX Standard| |-------------------|------------------------------| |**Authorisation:**
Account selection |Data holders **MUST** allow the consumer to select which of their accounts to share data from if the data request includes account-specific data and if there are multiple accounts available. The Data holder **MAY** omit this step if none of the data being requested is specific to an account (e.g. Saved Payees).| +|**Authorisation:**
Account selection functionality |

Data holders **MAY** include additional functionality to support account discovery and selection where further navigation or interaction is required to view all accounts. This may, for example, include search, sort, filter, scroll, grouping, and pagination, or other controls in line with existing consumer experiences. Any such functionality **MUST NOT** introduce unwarranted friction.

**Note:** Unwarranted friction should have regard to CDR Rule 4.24 and is considered to include the addition of any requirements beyond normal data holder practices for an equivalent account selection process.

| |**Authorisation:**
Profile selection |

Data holders **MAY** add a 'profile selection' step or equivalent prior to the account selection step if a single identifier provides access to different customer accounts. For example, one customer ID may give access to business customer and individual customer accounts.

The 'profile selection' step **SHOULD** only be considered if it is an existing customer experience, and **SHOULD** be as minimal as possible to avoid introducing unwarranted friction (having regard to CDR Rule 4.24).

| |**Authorisation:**
Account confirm|Data holders **MUST** show which accounts the data is being shared from prior to confirming authorisation if the data request includes account-specific data. The data holder **MAY** omit this information if none of the data being requested is specific to an account (e.g. Saved Payees).| |**Authorisation:**
Pending status|

Where an account requires further actions or approvals before data can be disclosed, data holders **MUST** indicate this to the user visually and **MUST** provide an explanation of what is required or expected.

This **MAY**, for example, be achieved with a visual icon to indicate that the account is 'pending'. This indication **MUST** be accompanied by an in-context explanation to describe what the status means. This explanation **SHOULD** include any required actions and any specified time frames.

| diff --git a/slate/source/includes/releasenotes/releasenotes.1.24.0.html.md b/slate/source/includes/releasenotes/releasenotes.1.24.0.html.md index cc63a6a6..37139f2d 100644 --- a/slate/source/includes/releasenotes/releasenotes.1.24.0.html.md +++ b/slate/source/includes/releasenotes/releasenotes.1.24.0.html.md @@ -48,7 +48,9 @@ No Change ## Consumer Experience -No Change +|Change|Description|Link| +|------|-----------|----| +| New Authorisation CX Standard | [**Standards Maintenance #574**](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/574): Added new Authorisation CX Standard for additional account selection functionality in the authorisation flow. | [Authorisation Standards](../../#authorisation-standards) | ## Known Issues