API: Application Programming Interface
CA: Certificate Authority (see QCA/QTSP)
CRL: Certificate Revocation List
CSC: Common and Secure Open Standards of Communication
eIDAS: Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
ETSI: European Telecommunications Standards Institute
NCA: National Competent Authority
NSA: National Supervisory Authority
OCSP: Online Certificate Status Protocol
PKI: Public Key Infrastructure
PSD2: Payment Services Directive 2. NOTE: Directive (EU) 2015/2366 [i.2].
PSU: ‘payment service user’
PSP: ‘payment service provider’ - means a body referred to in PSD2 Article 1(1) or a natural or legal person benefiting from an exemption pursuant to Article 32 or 33;
“A payment service provider (PSP) offers shops online services for accepting electronic payments by a variety of payment methods including credit card, bank-based payments such as Direct Debit, bank transfer, and real-time bank transfer based on online banking.”
ASPSP: ‘account servicing payment service provider’ means a payment service provider providing and maintaining a payment account for a payer.
TPP: ‘Third Party Provider’ means an authorised online service provider that has been introduced as part of Open Banking (for example an AISP or a PISP).
AISP: ‘account information service provider’ – means a payment service provider pursuing business activities as referred to in PSD2 point (8) of Annex I; ‘account information service’ means an online service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider.
PISP: ‘payment initiation service provider’ – means a payment service provider pursuing business activities as in PSD2 point (7) of Annex I; ‘payment initiation service’ means a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.
PIISP: ‘payment instrument issuer service provider’
PSP_AI: Account Information Service Provider
PSP_AS: Account Servicing Payment Service Provider
PSP_IC: Payment Service Provider Issuing Card-based payment instruments
PSP_PI: Payment Initiation Service Provider
QCA: Qualified Certificate Authority (also as QTSP)
QSCD: Qualified electronic Signature/Seal Creation Device
QSealC: Qualified electronic Seal Certificate
QTSP: Qualified Trust Service Provider
QWAC: Qualified Website Authentication Certificate
RFC: Request for Comments (RFC) is a type of publication from the technology community. RFCs cover many aspects of computer networking, including protocols, procedures, programs, and concepts.
RTS: Regulatory Technical Standards. NOTE: Regulation 2018/389 [i.3].
SCA: Strong Customer Authentication
SCEP: Simple Certificate Enrollment Protocol
TLS: Transport Layer Security
X.509: a standard defining the format of public key certificates
‘authentication’: means a procedure which allows the payment service provider to verify the identity of a payment service user or the validity of the use of a specific payment instrument, including the use of the user’s personalised security credentials;
‘home Member State’: means either of the following:
‘host Member State’: means the Member State other than the home Member State in which a payment service provider has an agent or a branch or provides payment services;
‘payee’: means a natural or legal person who is the intended recipient of funds which have been the subject of a payment transaction;
‘payer’: means a natural or legal person who holds a payment account and allows a payment order from that payment account, or, where there is no payment account, a natural or legal person who gives a payment order;
‘payment institution’: means a legal person that has been granted authorisation in accordance with PSD2 Article 11 to provide and execute payment services throughout the Union;
‘payment instrument’: means a personalised device(s) and/or set of procedures agreed between the payment service user and the payment service provider and used in order to initiate a payment order;
‘payment service user’: means a natural or legal person making use of a payment service in the capacity of payer, payee, or both;
‘payment transaction’: means an act, initiated by the payer or on his behalf or by the payee, of placing, transferring or withdrawing funds, irrespective of any underlying obligations between the payer and the payee;
‘remote payment transaction’: means a payment transaction initiated via internet or through a device that can be used for distance communication;
‘sensitive payment data’: means data, including personalised security credentials which can be used to carry out fraud. For the activities of payment initiation service providers and account information service providers, the name of the account owner and the account number do not constitute sensitive payment data;
‘strong customer authentication’: means an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data;
© 2022 Microsec Ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41