PSD2 RTS requires the use of qualified certificates. The purpose of the test certificate is to help you prepare. Qualified certificates represent a strong binding between the identity of the PSP and its public key. Test certificates have no legal effect.
The qualified certificates allow payment service providers, including TPPs and ASPSPs, to comply with the requirement and related technical standard resulting from the PSD2 Directive. The certificates ensure the authenticity, confidentiality and integrity of the communication, as well as provide legally binding evidence about transactions and contents.
The issuer QTSP must verify all data to be included in a qualified certificate and perform face-to-face or equivalent identity verification of the PSP. Test certificates can contain arbitrary data and can be issued without any verification.
Qualified certificates must be validated based on the EU Trusted Lists, which contain the list of qualified trust service providers (QTSPs) in each EU Member State. Test certificates are issued by CAs not on the EU Trusted Lists.
The QTSP always provides certificate status services for qualified certificates using CRL and/or OCSP. Test certificates may or may not come with CRL/OCSP service. (Microsec provides test CRL and test OCSP service as well.)
Qualified certificates always contain QCStatement extension which means that the certificate is qualified. Test certificates may or may not contain the same. (Microsec issues test certificates containing this QCStatement.)
Test certificates typically contain some distinguishing feature to make it clear that they are not live certificates. (Microsec test certificates contain a test CP OID and user notice text in the Certificate Policies extension.).
The Microsec PSD2-specific certificate validation toolbox provides a robust and customizable solution for all validation tasks, including checks of subject identity, certificate expiry, revocation, qualified status, conformity, regulatory information and more.
The toolbox can be used to validate any certificate given as input, or to validate a certificate as part of a complete digital signature validation (e.g. for electronic seal certificates)The validation of PSD2 qualified certificates includes checking the presence of multiple QcStatements (QcCompliance, QcQSCD, QcType, PSD2), performing certificate chain building and path validation against the EU Trusted Lists (which are digitally signed XML documents referenced through a central List of the Lists) and a number of other steps.
Microsec offers a PSD2 certificate validation toolbox, which can perform all the necessary validation tasks, including the above, and also provides digital signature creation features.
For now we are offering single domain solutions only (certs are required for each domain).
All of our PSD2-specific certificates can include multiple PSP roles.
The toolbox can validate qualified PSD2-specific certs issued by any European QTSP based on the trusted list.
We offer such customized PSD2-specific test certificates that include QC statement according to PSD2 ETSI certificate profile. In order to provide further support for full testability we offer an option to establish a test Trust List to imitate a realistic test environment.
The PSD2-specific certificate is valid for 2 year. If you don’t plan to use it longer, you don’t have to renew or prolong this cert for the second term. In other cases, it is possible to terminate the service under the conditions specified in the GTC.
1. You can easily apply for PSD2-related production and test certificates straight from our website on the link below:
2. After submitting your request, our Customer Service will contact you within 3 business days to inform you about the process and the documents to be submitted. Our customer service must verify the information on all application forms and then identify the requester. Once these are completed, the certificate can be issued.
There are several factors beyond the trust service provider. Your National Competent Authority has to share all the information that allows for QTSP verify all the information you provided. Afterwards a personal identity verification is also needed; you can request for one-time delivery Mobile Registration Authority. The Mobile RA service ensures and fulfils the necessary conditions of on-site personal ID verification and certificate delivery of certain trust services.
Please find our pricelist on the link below:
Certificates have an biennial fee.
Microsec offers Mobile Registration Authority (Mobile RA) service. This may be necessary if the Requester does not have a qualified electronic signature, it is not possible to request notarial identification in your country, and the Requester cannot/will not appear at our Customer Service in Budapest. In this case, our colleague will personally visit the address given.
The Mobile RA service ensures and fulfils the necessary conditions of on-site personal ID verification and certificate delivery of certain trust services. The service executes the obligations of the CA / QTSP at an external location chosen by the Requester. The procedure complies with the regulations of eIDAS. To order this service please contact us at firstname.lastname@example.org
You can easily apply for PSD2-related production and test certificates straight from our website on the link below:
During the process, Help is available to the requester.
For the production certificates Microsec requires the 2 public keys (1 for the QWAC, 1 for the QSealC) to be submitted in the form of PKCS#10 certificate signing requests.
While an HSM is indeed a recommended means to generate, store and manage the private keys, there is no requirement for the use of an HSM. In any case, you should have security measures in place for the protection of the private key.
The PSD2-specific certificates are valid for two years and need to be renewed on a biennial basis.
The certificates have an biennial fee.
Yes, Our certificates comply with the eIDAS Regulation and the services are listed on the EU Trust List.
Microsec does not require any specific hardware for the management of keys corresponding to the PSD2 certificates. Of course we recommend strong protection of the private keys, however, you are free to choose the appropriate solution based on your risk assessment, which can be either hardware keys or software keys as well.
To order this service please contact us at email@example.com.
© 2020 Microsec Ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41