PSD2 introduces eIDAS qualified certificates to financial services
Michał Tabor
B e r l i n2 4 . 1 0 . 2 0 1 8
A I S P A c c o u n t I n f o r m a t i o n S e r v i c e P r o v i d e r
Before PSD2
Authentication
A I S P A c c o u n t I n f o r m a t i o n S e r v i c e P r o v i d e r
After PSD2
Authentication AuthenticationAccount
Information Service
P I S P P a y m e n t I n i t i a t i o n S e r v i c e P r o v i d e r
Before PSD2
Card CardMerchant
CardsCard Card
P I S P P a y m e n t I n i t i a t i o n S e r v i c e P r o v i d e r
Before PSD2
After PSD2
Card CardMerchant
CardsCard Card
Authentication
PSIP
Authentication
Initiation of payment
E T S I T S 1 1 9 4 9 5 Q u a l i f i e d C e r t i f i c a t e s u n d e r P S D 2
S t a n d a r d P u b l i s h e d 0 7 . 2 0 1 8
N e w v e r s i o n e x p e c t e d 1 1 . 2 0 1 8
E T S I T S 1 1 9 4 9 5 Q u a l i f i e d C e r t i f i c a t e s u n d e r P S D 2
Contents1 Scope….4 General concepts
5 Certificate profile requirements
6 Policy requirements
Annex A (normative): ASN.1 Declaration
Annex B (informative): Certificates supporting PSD2 - clarification of the context
Annex C (informative): Additional information on QTSP and NCA / EBA interactions
Annex D (informative): Initial list of NCA Identifiers provided by European Banking Authority
W h o n e e d s P S D 2 Q u a l i f i e d c e r t i f i c a t e s
• Mandatory use of certificates (RTS)
• payment initiation services
• account information services
• Highly recommended use of certificates
• account servicing (banks)
T W O C E R T I F I C AT E S
F o r t h e p u r p o s e o f i d e n t i f i c a t i o n P S P s s h a l l r e l y o n
QUALIFIED CERTIFICATE FOR ELECTRONIC SEAL
Issued to: Payment Service ProviderIssued by: Qualified Trust ServiceValid from: 2018/03/20 to: 2020/03/20
QUALIFIED WEBSITE CERTIFICATE
Issued to: Payment Service ProviderIssued by: Qualified Trust ServiceValid from: 2018/03/20 to: 2020/03/20
Qualified Certificates for Seals (QCSEALs)EU 910/2014 (eIDAS)Annex III
Qualified Website Certificates (QWACs):EU 910/2014 (eIDAS)Annex IV
Secure ChannelSSL / TLS
W e b C e r t i f i c a t e
Web Certificate- Authenticate PSP
(bound to channel)
Web Certificate- Authenticate Bank- Set up secure channel
PSP
S e a l C e r t i f i c a t e
Data
Seal certificate- Authenticity and integrity of evidence from a PSP
DataPSP
Seal certificate- Authenticity and integrity of evidence from a bank
Qualified Certificates
PSD2
QWAC
Authenticate Secure channel
SEAL
Transaction Evidence
R E Q U I R E D P S D 2 D A T A ( R T S ) i n C E R T I F I C AT E
QUALIFIED CERTIFICATE
Issued to: Payment Service Provider Issued by: Qualified Trust ServiceValid from: 2018/03/20 to: 2020/03/20…
Authorisation Number of PSP
PSD2 Role(s) of PSP
Name of Home Competent Authority
R E Q U I R E D P S D 2 D A T A ( R T S ) i n C E R T I F I C AT E
QUALIFIED CERTIFICATE
Issued to: Payment Service Provider Issued by: Qualified Trust ServiceValid from: 2018/03/20 to: 2020/03/20…
Authorisation Number of PSP
PSD2 Role(s) of PSP
Name of National Competent Authority
RTS
T H E S O U R C E O F R E Q U I R E D D A T A I N C E R T I F I C A T E
QUALIFIED CERTIFICATE
Issued to: Payment Service Provider Issued by: Qualified Trust ServiceValid from: 2018/03/20 to: 2020/03/20…
Authorisation Number of PSP
PSD2 Role(s) of PSP
Name of National Competent Authority
NATIONAL COMPETENT AUTHORITY PUBLIC REGISTER
EUROPEAN BANKING AUTHORITY PSD2 REGISTER
CREDIT INSTITUTION REGISTER
PAYMENT SERVICE PROVIDER
PUBLIC REGISTER
QUALIFIED TSP CERTIFICATION
AUTHORITY
1. Certificate application
2. Identity validation
NATIONALCOMPETENT AUTHORITY
AUTHORISATION
C e r t i f i c a t e I s s u a n c e
PAYMENT SERVICE PROVIDER
PUBLIC REGISTER
QUALIFIED TSP CERTIFICATION
AUTHORITY
1. Certificate application
2. Identity validation
NATIONALCOMPETENT AUTHORITY
C e r t i f i c a t e I s s u a n c e
AUTHORISATION
PAYMENT SERVICE PROVIDER
PUBLIC REGISTER
QUALIFIED TSP CERTIFICATION
AUTHORITY
1. Certificate application
2. Identity validation
NATIONALCOMPETENT AUTHORITY
C e r t i f i c a t e I s s u a n c e
AUTHORISATION
PAYMENT SERVICE PROVIDER
PUBLIC REGISTER
QUALIFIED TSP CERTIFICATION
AUTHORITY
1. Certificate application
2. Identity validation
NATIONALCOMPETENT AUTHORITY
C e r t i f i c a t e I s s u a n c e
AUTHORISATION
NATIONAL PUBLIC REGISTER or
EBA REGISTER
PAYMENT SERVICE PROVIDER
PUBLIC REGISTER
QUALIFIED TSP CERTIFICATION
AUTHORITY
1. Certificate application
2. Identity validation
NATIONALCOMPETENT AUTHORITY
C e r t i f i c a t e I s s u a n c e
AUTHORISATION
QUALIFIED TSP CERTIFICATION
AUTHORITY
PSP
NATIONALCOMPETENT AUTHORITY
C e r t i f i c a t e M a n a g e m e n t
RELYING PARTY (eg. PSP, Bank)
RELYING PARTY (eg. PSP, Bank)
C e r t i f i c a t e M a n a g e m e n t
QUALIFIED TSP CERTIFICATION
AUTHORITY
PSP
NATIONALCOMPETENT AUTHORITY
A u t h o r i s a t i o n n u m b e r
QUALIFIED CERTIFICATE
Issued to: Payment Service Provider Issued by: Qualified Trust ServiceValid from: 2018/03/20 to: 2020/03/20…
Authorisation Number of PSP
organizationIdentifier
PSD2 QCStatement
• PSD2 Role(s) of PSP• Name of National Competent Authority
PSDPL-PFSA-1234567890
P S D 2 R O L E S A N D N A M E O F N C A
• ROLES:(i) account servicing (PSP_AS);
(ii) payment initiation (PSP_PI);
(iii) account information (PSP_AI);
(iv) issuing of card-based payment instruments
(PSP_IC);
• NAME OF NCA (NATIONAL COMPETENT
AUTHORITY)
PSD2 QCStatementQUALIFIED CERTIFICATE
Issued to: Payment Service Provider Issued by: Qualified Trust ServiceValid from: 2018/03/20 to: 2020/03/20…
Authorisation Number of PSP
PSD2 QCStatement
• PSD2 Role(s) of PSP• Name of National Competent Authority
E T S I T S 1 1 9 4 9 5
T h e n e w e s t v e r s i o n o f t h e s t a n d a r d
QTSP NCA
Requirements Information
AuthorisationCertificate
PSP
Thank you
MICHAŁ TABORPartner
michal .tabor@obserwator ium.biz
+48 501 557 094