UK Open Banking eIDAS Identity and Regulatory Checking

UK Open Banking eIDAS Identity and Regulatory Checking

The FCA’s letter in June 2019, clarifying their position on the use of eIDAS certificates under the EBA’s RTS on SCA and CSC (RTS), states:

“The EBA Opinion on eIDAS identified three possible alternatives for the use of QWACs and QSealCs by PSPs; parallel use of QWACs and QSealCs, use of QWACs only or use of QSealCs with an additional element that ensures secure communication. Although ASPSPs can choose any of the above options we encourage PSPs to use parallel QWACs and QSealCs when identifying themselves and communicating with an ASPSP”.

“In the UK, the development of an Open Banking standard in response to the CMA Order has also led to the development of a functioning infrastructure for identification. Authorised and registered third party providers (TPPs) that have already joined the Open Banking Directory have been issued with certificates by Open Banking, “OB Certificates”, and are currently using these to identify themselves toward ASPSPs”.

“An ASPSP that allows a TPP to identify itself in this way (using “OB Certificates”), must also ensure that its interface is capable of enabling a TPP to identify itself using only its eIDAS certificate(s)”.

The Konsentus Identity and Regulatory Checking service

Konsentus supports UK ASPSPs to comply with the FCA’s position on the use of eIDAS certificates and with the RTS.

The Konsentus Identity and Regulatory Checking service validates eIDAS certificates (QWAC and QSealC), in real-time, and checks the regulatory status of the TPP using its regulatory database generated from all 31 National Competent Authority registers and the EBA’s Credit and Payment Institution registers.

The service is available through a single API end-point that takes the eIDAS certificate as input and returns the results of the eIDAS certificate check and the regulatory status check. Providing the ASPSP with all the information it needs to make an informed business decision on whether to accept a TPP’s request for account information or payment initiation.