You would be surprised how many requirements a certificate authority (CA) must meet when issuing a PSD2 certificate. In general, standardized requirements clearly define how the certification process has to be performed. Requirements without standards (e.g. regulations, directives) could mix-up a bit this strict environment, which complicates the compliance. In this post, we will highlight a couple of checking methods that occur when a PSD2 certificate is issued.
The PSD2 certificate is a special qualified web server authentication certificate introduced by the European Union in 2014. In practice, this means a couple of new data in the QWAC certificate.
The PSD2 (EV, QWAC) certificates of Microsec Ltd. meet the requirements of
The CA can solve some of the verification on their own, but in many cases the process requires the involvement of the applicant. A couple of checking method during the PSD2 issuance and their meanings:
After the previous checking steps, we arrived to the PSD2 verification. First we have to find out the applicant’s type and PSD2 roles. The main difficulty is that this data is available through non-standardized channels. Imagine that each EU country (28!) has a central body, the National Competent Authority (NCA), which is responsible for the database of financial and credit institutions in that country. These databases vary from country to country, for example, the type and form of the database may be different and even there are differences between the stored data elements. For this reason, we need to develop a unique PSD2 certification process for each EU country with the verification processes. These inconvenient databases are not only difficult for CAs, but also important for the financial institutions (ASPSP), because they must verify the roles of the incoming requests from Third Party Providers (TPP).
These examples illustrate how varied checking methods a CA must perform during a PSD2 QWAC certificate issuance. Microsec meets all the necessary requirements. Feel free to request a certificate from us.
Just remember, such a certificate must be issued by a qualified certification service provider, which requires additional compliances…
Author: Pál CSUVARSZKI
© 2019 Microsec ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41