# FAQ
source: https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/faq/index.md

### General {#general}

Consent is an integral part of PSD2 and collaboration with 3rd parties. The only way Third Party Providers can act on the customers' behalf is if the customer has given explicit consent (authorization) to have such permissions. The process by which a PSU gives a TPP permission to approach their ASPSP in order that the TPP can be granted access to the PSU's account to provide the service to the PSU is called Consent. The process by which the PSU confirms that the ASPSP may respond to the request from the TPP to whom the PSU has given consent. It is between the TPP and customer to agree the time period for account data sharing, known as customer consent. Regardless of the time period agreed, PSD2 SCA regulation generally allows AIS consent to be valid for 180 days (unlimited in UK as long as TPP notifies PSU per SCA RTS rules) Mastercard's AIS service can aggregate bank data from banks all across Europe, and fetch valuable, real-time data to power your business. This can be used to build new lending services, automate accounting solutions, or power future online banking services. Mastercard's PIS service provides payment functionality all across Europe. It can be used to build new payment services covering multiple use case. A wide range of transaction information is returned, including a description of the transaction, the date of the transaction, type, and balance. Yes, we are currently integrating banks' new PSD2 APIs across Europe. However, to make sure you get the best experience possible, we still use our reverse engineered APIs if the quality of banks' PSD2 APIs does not meet standards.

### Licenses and certificates {#licenses-and-certificates}

To use Aiia Enterprise, your company must be a registered Account Information Service Provider (AISP) and/or a Payment Initiation Service Provider (PISP).  
To become a registered service provider, you must comply with the rules set by the Financial Supervisory Authority (FSA) in the country you operate in. Complete the [Contact Us](https://openbankingeu.mastercard.com/contact-us) form if you have any questions or concerns about the AISP or PISP license. An Account Information Service Provider (AISP) is a business or service that is authorized by the financial supervisory authority (FSA) to access account and transaction data from business or personal banks.

With customers' consent, AISP businesses are able to build innovative financial services on top of bank data to the benefit of the customers. If your business wants to apply for an AISP license, visit the website for the Financial Supervisory Authority (FSA) in your country

### Markets and coverage {#markets-and-coverage}

For a full overview of that banks we support for Aiia Enterprise, refer to [Supported Providers](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/production/supported-providers/index.md). We support a vast majority of the banks across Europe. And we continue to add more banks in both the B2B and B2C markets.

For a full overview of that banks we support for Aiia Enterprise, refer to [Supported Providers](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/production/supported-providers/index.md).

### Compliance and security {#compliance-and-security}

Yes. Compliance and security is integral to Mastercard Open Finance, including the EU's legislation, PSD2 (Revised Payment Service Directive). To make payments safer than ever, Strong Customer Authentication (SCA) is an EU requirement that's set in place to reduce fraud. This means, when a customer authorizes AIS or PIS access to their account, the bank will require the customer to authenticate using at least two of the three following authentication measures:

* Something the customer knows (password or pin)
* Something the customer has (phone or laptop)
* Something the customer is (fingerprint or face recognition)

### Payer Token {#payer-token}

This feature enables TPPs to shorten the payment initiation journey for PSUs, by securely storing their account details, so that they can be reused for subsequent payments.

Aiia Enterprise generates an encrypted "payer token" which represents the PSU's source account details. Aiia Enterprise returns this to the TPP, who stores it, and then includes it in subsequent payment initiation requests by the same PSU.
We are currently making this feature available in the Nordics, with a view to future roll-out across wider European markets.

Please note that the feature is currently in pilot phase, which means it is ready for customers to begin live testing. Because it is a new feature, it is not yet fully supported and proven.
You can start using this feature straight away - you just need to start including the relevant flag in [payment initiation requests](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/payments/index.md). Please refer to the instructions in our developer documentation. You may wish to consider the following:

In order to use this feature successfully, you will need a mechanism to securely store the payer token(s) and ensure that these are recorded against the relevant PSU. You will therefore need to consider the technical implications for your application.
Payer tokens contain personal data in an encrypted format, and you will be responsible for storing and managing this data. As such, you should consider the data privacy implications which apply to you, and any compliance obligations you may need to abide by, before starting to use this feature.

Please refer to our complete set of [FAQs](https://developer.mastercard.com/open-finance-europe/documentation/faq/index.md) that covers all of our solutions.