API: Application Programming Interface

CA: Certificate Authority (see QCA/QTSP)

CRL: Certificate Revocation List

CSC: Common and Secure Open Standards of Communication

eIDAS: Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

ETSI: European Telecommunications Standards Institute

NCA: National Competent Authority

NSA: National Supervisory Authority

OCSP: Online Certificate Status Protocol

PKI: Public Key Infrastructure

PSD2: Payment Services Directive 2. NOTE: Directive (EU) 2015/2366 [i.2].

PSU: ‘payment service user’

PSP: ‘payment service provider’ - means a body referred to in PSD2 Article 1(1) or a natural or legal person benefiting from an exemption pursuant to Article 32 or 33;

“A payment service provider (PSP) offers shops online services for accepting electronic payments by a variety of payment methods including credit card, bank-based payments such as Direct Debit, bank transfer, and real-time bank transfer based on online banking.”

ASPSP: ‘account servicing payment service provider’ means a payment service provider providing and maintaining a payment account for a payer.

TPP: ‘Third Party Provider’ means an authorised online service provider that has been introduced as part of Open Banking (for example an AISP or a PISP).

AISP: ‘account information service provider’ – means a payment service provider pursuing business activities as referred to in PSD2 point (8) of Annex I; ‘account information service’ means an online service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider.

PISP: ‘payment initiation service provider’ – means a payment service provider pursuing business activities as in PSD2 point (7) of Annex I; ‘payment initiation service’ means a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.

PIISP: ‘payment instrument issuer service provider’

PSP_AI: Account Information Service Provider

PSP_AS: Account Servicing Payment Service Provider

PSP_IC: Payment Service Provider Issuing Card-based payment instruments

PSP_PI: Payment Initiation Service Provider

QCA: Qualified Certificate Authority (also referred to as QTSP)

QSCD: Qualified electronic Signature/Seal Creation Device

QSealC: Qualified electronic Seal Certificate

QTSP: Qualified Trust Service Provider

QWAC: Qualified Website Authentication Certificate

RFC: Request for Comments, a type of publication from the technology community. RFCs cover many aspects of computer networking, including protocols, procedures, programs, and concepts.

RTS: Regulatory Technical Standards. NOTE: Regulation 2018/389 [i.3].

SCA: Strong Customer Authentication

SCEP: Simple Certificate Enrollment Protocol

TLS: Transport Layer Security

X.509: a standard defining the format of public key certificates

‘authentication’: means a procedure which allows the payment service provider to verify the identity of a payment service user or the validity of the use of a specific payment instrument, including the use of the user’s personalised security credentials;

‘home Member State’: means either of the following:

  • (a) the Member State in which the registered office of the payment service provider is situated; or
  • (b) if the payment service provider has, under its national law, no registered office, the Member State in which its head office is situated;

‘host Member State’: means the Member State other than the home Member State in which a payment service provider has an agent or a branch or provides payment services;

‘payee’: means a natural or legal person who is the intended recipient of funds which have been the subject of a payment transaction;

‘payer’: means a natural or legal person who holds a payment account and allows a payment order from that payment account, or, where there is no payment account, a natural or legal person who gives a payment order;

‘payment institution’: means a legal person that has been granted authorisation in accordance with PSD2 Article 11 to provide and execute payment services throughout the Union;

‘payment instrument’: means a personalised device(s) and/or set of procedures agreed between the payment service user and the payment service provider and used in order to initiate a payment order;

‘payment service user’: means a natural or legal person making use of a payment service in the capacity of payer, payee, or both;

‘payment transaction’: means an act, initiated by the payer or on his behalf or by the payee, of placing, transferring or withdrawing funds, irrespective of any underlying obligations between the payer and the payee;

‘remote payment transaction’: means a payment transaction initiated via internet or through a device that can be used for distance communication;

‘sensitive payment data’: means data, including personalised security credentials which can be used to carry out fraud. For the activities of payment initiation service providers and account information service providers, the name of the account owner and the account number do not constitute sensitive payment data;

‘strong customer authentication’: means an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data;
