We have already helped numerous Nordic banks and third-party providers become PSD2 compliant, and we are ready to help you as well.
More openness requires more security
In traditional banking, a customer interacts with banks and Payment Service Providers using separate logins. Apart from being a hassle, the traditional banking setup also lacks transparency regarding agreements and general terms.
Why Open Banking?
Open Banking is an evolution that supports digitalization, innovation, and competition in the financial market.
The movement is regulated through Payment Services Directive 2 — PSD2 in short:
The overall purpose of the PSD2 initiative is to increase competition in the financial market, giving customers greater freedom of choice, more transparency, cheaper products, and better solutions for managing and optimising daily finances.
QWAC and QSealC
Open Banking requires specific Qualified Certificates — two new types of digital certificates which must be used to comply with the PSD2 regulation:
QWAC: A digital certificate comparable to an EV SSL/TLS certificate. This certificate ensures identification in the transport layer. It is used for site authentication so that banks, Payment Service Providers, and TPPs can be sure of each other’s identities.
QSealC: A digital certificate that seals and ensures data integrity when information is shared between a bank, a Payment Service Provider, and a TPP.
Qualified Trust Service Provider
TRUSTZONE is an authorised partner with several Qualified Trust Service Providers (QTSPs), and we can provide all certificates and certificate configurations needed to comply with the requirements of the PSD2 regulation.
We have already helped several Nordic banks and third-party providers become compliant, and we are ready to help you as well.
With PSD2, banks and Payment Service Providers must share their customers’ account information via open APIs, allowing a TPP like SPIIR to present a customer’s engagement overview from multiple AISPs via a single app, simply and transparently.
A crucial element of the PSD2 Regulation is Strong Customer Authentication (SCA). SCA is a principle that ensures customer data and account information are shared securely and with authorisation. SCA is obtained using PSD2 certificates: QWACs and QSealCs. QWACs and QSealCs are variants of eIDAS-qualified certificates and may only be issued by Qualified Trust Service Providers (QTSPs).
What Do I Need for My Financial Business, a QWAC or a QSealC?
| | QWAC | QSealC |
|---|---|---|
| Where is it used? | Identifies endpoints, protects data during communication | Identifies origin of document or data and makes it tamperproof in communication and storage |
| | Confidentiality, authentication, and integrity | Authentication and integrity |
| Security features applicable to | Data in transit | Data at rest, data in transit |

Does it provide legal evidential value for transactions? Yes, under PSD2
FAQ – PSD2 Certificates
What are PSD2 certificates?
PSD2 certificates are electronic certificates used to identify parties involved in online financial transactions in accordance with the EU’s Payment Services Directive 2 (PSD2) regulation.
What is the purpose of PSD2 certificates?
Generally, a Code Signing Certificate is built on Public Key Infrastructure (PKI), like SSL certificates, and includes a public key and a private key. The private key is used to sign the data, and the public key is used to verify the signature on the data.
When you sign software code, you can timestamp it to avoid problems when the digital certificate expires. Users can trust signed software and download it easily, which also increases reliability among software users.
Code signing software is useful for signing content such as software objects, configuration files, manuals, virus updates, device drivers, and similar.
Are there different types of PSD2 certificates?
Yes, there are three types of PSD2 certificates: Qualified Website Authentication Certificates (QWACs), Qualified Certificate for Electronic Seals (QSealCs), and Qualified Certificate for Electronic Signature (QES).