QTSP Regulatory Checking

The European Banking Authority (EBA) Regulatory Technical Standard on Strong Customer Authentication and Common and Secure Communication (RTS on SCA and CSC) Article 34.1 requires that, for the purpose of identification, Payment Service Providers (PSPs) rely on eIDAS qualified certificates for website authentication (QWAC) or qualified certificates for electronic seals (QSealC).

The existing QWAC and QSealC formats have been modified to support PSD2. The PSD2 QWACs and QSealCs contain the following PSD2 attributes:

  • A unique authorisation number of the PSP
  • The PSD2 roles for which the PSP has been authorised/registered
  • The name of the National Competent Authority (NCA) where the PSP is authorised/registered

As well as the usual organisation identification and validation processes the QTSP performs, as defined in its certificate policy, it now has to perform the following actions before issuing a PSD2 QWAC or QSealC:

  • Identify the NCA where the PSP has been authorised/registered
  • Find the PSP registration record on any one of 31 NCA register websites
  • Identify the correct registration number of the PSP
  • Generate the unique authorisation number for the PSP
  • Identify the payment services the PSP is authorised/registered to provide
  • Translate the payment services into PSD2 roles

Although all NCAs provide publicly accessible registers, via their websites, these registers are not uniform and provide regulatory data in many different languages, formats and layouts. It is a complex process to access and extract the relevant information from the NCA registers in an automatic and efficient manner.

Konsentus Solution

The Konsentus SaaS based regulatory checking service can provide QTSPs, via a simple RESTful API, with:

  • An on-line, machine readable, consolidated database of PSP regulatory data, gathered from all 31 EEA NCA registers - updated every hour
  • Cross-checked with the EBA electronic central register
  • A real-time scan of the NCA register returning the most up-to-date regulatory information on the requested PSP
  • The following harmonised PSP data:
    • Payment service category of the PSP
    • Legal name of the PSP
    • Authorisation status of the PSP
    • Payment service the PSP is authorised to provide
    • Name of the Home NCA
    • Country code of the Home NCA

Thus significantly simplify the regulatory checking process for QTSPs issuing PSD2 QWACs and QSealCs.