IDENTITY AND TRUST SERVICES:
SECURE CONNECTIONS IN THE OPEN BANKING ECOSYSTEM
The opening of banking services to Third Parties Providers (TPPs), that is at the base of new PSD2 Directive, will strongly change the traditional business models in the Financial Sector.
Operating under e-IDAS Regulation, a Qualified Trust Service Provider (QTSP) can now play a crucial role, creating a significant value for all actors engaged in the Open Banking Ecosystem. Indeed, a QTSP can bring Trust in the Onboarding Phase, through the creation of a trusted digital identity that permits to the TPP to open the relationship with the customer in a secure and AML-compliant way, and in the Relationship Phase between the TPP and the Bank, thanks to the Qualified Certificates with PSD2 extensions.
At this proposal, the European Banking Authority Regulatory Technical Standards created the perfect bridge between the eIDAS Regulation and PSD2 Directive, stating that TPPs identification shall rely on a qualified certificate, as defined in EU Regulation 910/2014 (eIDAS). These qualified certificates are:
- Qualified Certificate for Website Authentication (QWAC)
- Qualified Certificate for Electronic Seal (QSEALC)
A QWAC can open a secure channel between the Bank and the TPP, enabling the latter to identify itself to the Bank and to create a trustable channel. Instead, a QSEALC assures the authenticity and integrity of the transmitted data, getting a legal evidence of the transaction, that can be used as a proof. The use of both certificates is strongly suggested in order to create a fully trusted PSD2 transaction (any TPP is obliged by Regulation to be equipped with at least one of them).
InfoCert, as the largest QTSP in Europe, has actively worked with the European standardization bodies and it’s now working with many Open Banking alliances to guarantee the trust and the interoperability of this new kind of certificates. In May 2018 we issued the first real Qualified Certificates for PSD2 that was used to perform the first real authentication in Europe, in a demo space.
Today, we are glad to offer to the market a fully operational PSD2 Service Suite, providing both Test and Production Qualified Certificates in just few days.
Choose for which service/s you are interested in and leave your data! We will contact you immediately.