Checking the regulatory/approved status of a TPP is challenging:
An FI needs to reference numerous databases to ensure that a TPP is registered and/or approved to provide the services and has not been revoked.
The Konsentus platform will thus look to reference:
Konsentus continually checks that no TPP has been revoked at any point and will be able to notify FIs in the shortest feasible time when a TPP is revoked, and ensure that a Payment Service User’s data is never passed to a revoked/non-registered/non-approved TPP.
Once a TPP is revoked and a bulletin is issued by the relevant NCA, it is the responsibility of the FI to ensure that no data is sent to the TPP. It is crucial that FIs have the latest information in a timely manner, thus protecting consumers and FIs. The risk is to the FI’s brand reputation and also the potential for National Competent Authority remedial action.
The TPP must identify themselves to the FI using the means appropriate to the FI’s specific API.
FIs may choose to develop APIs to recognised standards (e.g. UK Open Banking, STET, The Berlin Group etc.) or develop their own specific APIs.
Through the use of eIDAS certificates, the FI will have immediate verification of the identity of the TPP. The certificate will also contain the regulatory status as at the time the certificate was issued by the Qualified Trusted Service Provider.
However, the eIDAS certificate only confirms the TPP’s regulatory status at a previous point in time and may not reflect its current status; this presents a risk to the FI.
FIs must know the current regulatory status of TPPs before releasing account holder information or executing transactions.
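An added example, not from the original page or from Konsentus: a fail-closed access decision that treats the roles in the eIDAS certificate as point-in-time and requires a fresh register entry before any data is released. The register dictionary, the status strings, the one-hour freshness limit, the `PSP_AI`/`PSP_PI` role labels and all authorisation numbers are assumptions or constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_REGISTER_AGE = timedelta(hours=1)  # assumption: FI's tolerance for stale register data

@dataclass(frozen=True)
class CertClaims:
    """Fields read from an eIDAS certificate whose signature chain is already validated."""
    authorisation_number: str
    roles: frozenset      # roles held when the certificate was issued
    not_after: datetime

def decide(claims, requested_role, register, now):
    """Return (allow, reason). Fails closed: any doubt means no data is released."""
    if now > claims.not_after:
        return False, "certificate expired"
    if requested_role not in claims.roles:
        return False, "role not in certificate"
    entry = register.get(claims.authorisation_number)
    if entry is None:
        return False, "TPP not in register"
    if now - entry["checked_at"] > MAX_REGISTER_AGE:
        return False, "register data stale"
    if entry["status"] != "authorised":
        return False, "TPP status is " + entry["status"]
    if requested_role not in entry["roles"]:
        return False, "role not currently approved"
    return True, "ok"

# Constructed sample data (not real TPPs or register entries).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
REGISTER = {
    "PSDXX-NCA-000001": {"status": "authorised", "roles": {"PSP_AI", "PSP_PI"},
                         "checked_at": NOW - timedelta(minutes=5)},
    "PSDXX-NCA-000002": {"status": "revoked", "roles": set(),
                         "checked_at": NOW - timedelta(minutes=5)},
    "PSDXX-NCA-000003": {"status": "authorised", "roles": {"PSP_AI"},
                         "checked_at": NOW - timedelta(days=2)},
}

def claims_for(number, roles=("PSP_AI", "PSP_PI")):
    # Certificate still within its validity period in every sample case.
    return CertClaims(number, frozenset(roles), NOW + timedelta(days=300))

if __name__ == "__main__":
    for number in REGISTER:
        print(number, decide(claims_for(number), "PSP_AI", REGISTER, NOW))
```

The second sample TPP holds a certificate that is still valid and still lists both roles, yet the request is refused because the register entry says it has been revoked.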
The Konsentus platform provides the following services: