The European Banking Authority (EBA) Regulatory Technical Standard on Strong Customer Authentication and Common and Secure Communication (RTS on SCA and CSC) Article 34.1 requires that, for the purpose of identification, Payment Service Providers (PSPs) rely on eIDAS qualified certificates for website authentication (QWAC) or qualified certificates for electronic seals (QSealC).
The existing QWAC and QSealC formats have been modified to support PSD2. The PSD2 QWACs and QSealCs contain the following PSD2 attributes:
As well as the usual organisation identification and validation processes the QTSP performs, as defined in its certificate policy, it now has to perform the following actions before issuing a PSD2 QWAC or QSealC:
Although all NCAs provide publicly accessible registers, via their websites, these registers are not uniform and provide regulatory data in many different languages, formats and layouts. It is a complex process to access and extract the relevant information from the NCA registers in an automatic and efficient manner.
The Konsentus SaaS based regulatory checking service can provide QTSPs, via a simple RESTful API, with:
Thus significantly simplify the regulatory checking process for QTSPs issuing PSD2 QWACs and QSealCs.