Reconfirm consent through SMS or email

Alternative methods for collecting user consent for data processing.

When you initially create or extend a connection, it's a regulatory requirement to collect informed user consent. Collecting user consent through an SMS or email is compliant if done correctly.

SMS and email, or a combination of both, can be useful methods to collect consent in addition to screens within your app or website.

For example, you could send a series of reminder emails before a connection expires, asking the user to provide consent and extend their connection. If these don't receive a response, you could send a final reminder as an SMS, as SMS messages have higher open rates.

Collect consent through email

When you send an email to collect consent, it should follow the same principles as when you initially collect consent.

You should introduce your service with branding and remind the user which banks they're connected to. Additionally, you must include consent copy in your email to remain compliant.

Your email should contain two actions your user can take: confirm consent or withdraw consent. The action to confirm consent should be more prominent to encourage users to extend connections.

If the user confirms consent, and no further authentication is needed from the bank, redirect them to your app or website. Here, display a success screen that explains their connection is extended, and states the next time they'll need to reconfirm consent.

If the user withdraws consent, redirect them to your app or website and display a positive friction screen. This screen should outline that withdrawing consent will stop sharing the user's details with your application, which will reduce the features they can use in it.


An example of the flow for users reconfirming consent through email.

Collect consent through SMS

When you collect consent through SMS, the message should contain consent copy. We also recommend you include some details about your application to build trust. For example, "To keep using {app}, we require consent to access your {bank} data."

The user should use a text message reply to confirm or withdraw consent. For example, "CONFIRM CONSENT" or "REVOKE CONSENT".

If the user confirms consent, they should receive a success SMS that contains the date they will next need to provide consent.

If the user revokes consent, you can choose to add friction via a follow-up confirmation message. For example, "Are you sure you want to revoke consent? Reply with REVOKE or CANCEL."


An example of the flow for users reconfirming consent through SMS.
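
The SMS reply flow described above, written as a small state machine. This is an added example, not code from the original page. The state names, `handle_reply`, the `valid_days` parameter and all message texts other than the quoted revoke prompt are assumptions, as is treating CANCEL as a return to the original question.

```python
from datetime import date, timedelta
from enum import Enum


class State(Enum):
    AWAITING_REPLY = "awaiting_reply"            # consent request SMS sent
    AWAITING_REVOKE_CONFIRM = "awaiting_revoke"  # friction message sent
    CONFIRMED = "confirmed"
    REVOKED = "revoked"


def normalise(text: str) -> str:
    # Replies are typed by hand: ignore case and collapse stray whitespace.
    return " ".join(text.upper().split())


def handle_reply(state: State, text: str, today: date, valid_days: int):
    """Advance the flow by one inbound SMS; returns (new_state, reply_sms)."""
    msg = normalise(text)
    if state is State.AWAITING_REPLY:
        if msg == "CONFIRM CONSENT":
            # valid_days is an assumption: the page does not state the interval.
            due = today + timedelta(days=valid_days)
            return (State.CONFIRMED,
                    "Thanks, your connection is extended. You'll next need "
                    f"to provide consent on {due.isoformat()}.")
        if msg == "REVOKE CONSENT":
            return (State.AWAITING_REVOKE_CONFIRM,
                    "Are you sure you want to revoke consent? "
                    "Reply with REVOKE or CANCEL.")
        # Anything else, including a bare REVOKE, never changes consent.
        return (state, "Reply CONFIRM CONSENT or REVOKE CONSENT.")
    if state is State.AWAITING_REVOKE_CONFIRM:
        if msg == "REVOKE":
            return (State.REVOKED, "Your consent has been revoked.")
        if msg == "CANCEL":
            # Assumption: cancelling reopens the question and is not
            # counted as confirming consent.
            return (State.AWAITING_REPLY,
                    "Reply CONFIRM CONSENT or REVOKE CONSENT.")
        return (state, "Reply with REVOKE or CANCEL.")
    # Terminal states: late or duplicate replies change nothing.
    return (state, "This consent request is already closed.")
```

Only exact keyword matches after normalisation move the state, so an ambiguous or mistyped reply is never recorded as consent or as revocation.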

Success screens

When a user reconfirms consent through SMS or email, the flow depends on whether further bank authorisation is required or not:

  • If bank authorisation isn't required, display a success screen.
  • If bank authorisation is required, redirect the user to your bank authorisation flow, then display the success screen upon completion.