PSD2: Open Banking and Consumer Protection

PSD2 rewrites the rules of security

Certify identity of incumbents and emerging players, guarantee the data’s authenticity in the transaction and impose Strong Customer Authentication solutions for the customers

↓ Discover more

Digital Trust Services to comply with new PSD2’ standards

digital trust services

The opening of payment services to new players (AISP, PISP, CISP) and the increase of customer protection are the pillars at base of new Directive.

PSD2 (like other European Regulations, such as AML) refers to eIDAS Regulation on Digital Trust Services to guarantee the security of transaction. In this new environment, new players are between the bank and the customer with different and emerging business models, from the payment initiator to the account aggregator. They will have to equip themselves with the services, defined by eIDAS, and be able to ensure their identity, authenticity and confidentiality of the exchanged data in the transaction.

In addition to this security layer, PSD2 dictates compelling requirements also for the Strong Customer Authentication (SCA), introducing the dynamic linking principle for the payment’s authorization. As the leading Qualified Trust Service Provider in Europe, InfoCert developed a clear and organic Value Proposition compliant with PSD2 requirements.



Website AuthenticationThe Qualified Website Authentication Certificates (QWACs) and the Qualified Electronic Seal Certificates (QSEALCs) are the basic services that banks and new players will have to adopt by September 2019, when the technical standards of PSD2 will come into force.

These specific products for the payment industry have been presented by InfoCert at Sophia Antipolis, where ETSI (European Telecommunications Standards Institute) is headquartered. Here we successfully completed the first PSD2-compliant transaction.

The InfoCert’s QWACs and QSEALCs will certify the identity of new players, enabling them to legally interact with the other actors in the new payment ecosystem.

Contact for more information

Strong Customer Authentication (SCA)

Customer AuthenticationStrong authentication solutions used in the market to authorize a payment must guarantee the dynamic linking, it means they’ll include elements which dynamically link the transaction to a specific amount and a specific payee.

As matter of fact, each temporary code will have to authorize only the transaction for which it was generated.

InfoCert offers its customers proper solutions to be fully compliant with the SCA requirements of the new Directive ensuring the best UX with the “Silent OTP” system.

Contact for more information


quality, security and reliability

To maintain the status of Qualified Trust Service Provider, InfoCert is continuously audited and controlled.

Our certifications flag the commitment and investment of InfoCert to delivery trust services with the highest standards of quality, security and reliability.

Discover more

eIDAS Qualified
Trust Service Provider

eIDAS Qualified Time Stamps
ETSI EN 319 401

Adobe Approved Trust
List Member (AATL)

Quality Management System
ISO 90012008

Information Security Management System
ISO 270012013

Service Management System
ISO 200002011


The Disruptive power of eIDAS: how the new EU Regulation accelerates digital transformation and creates new opportunities

eIDAS Regulation

By introducing a unique schema for Digital Trust Based solutions – electronic signatures, electronic seals, time stamps, electronic delivery services and website authentication certificates – eIDAS is the key to unlock digital transformation in many businesses.

Offered by InfoCert, this webinar highlights the crucial points of eIDAS Regulation…

Discover more