Everything you need to know about PSD2 certificate compliance
The EU legal framework requires additional security measures for banks and payment service providers, including the use of special qualified digital certificates.
What is the revised Payment Services Directive (PSD2)?
As part of a long-term effort to increase the security, privacy and reliability of cross-border electronic payments within the Union, the European Commission developed the revised Payment Services Directive (EU Directive 2015/2366, also known as PSD2) that entered into force with effect from January 2018.
The directive aims to...
- Contribute to a more integrated and efficient European payments market
- Create a level playing field for Payment Service Providers (PSPs) Payment Service Providers (PSPs) across the EU.
- Make electronic payments more secure.
- Make e-payments more secure.Provide more consistent consumer protection
PSD2 covers many facets of electronic payments, but above all it introduces enhanced privacy and online security measures that must be applied by banks and PSPs doing business in the EU.
What are eIDAS qualified certificates?
Regulation (EU) 910/2014 (eIDAS) is a set of regulatory standards that define the requirements that digital certificates must have to ensure the validation of the identity of their holders and the functioning of the Qualified Trust Service Providers (QTSPs) that issue them.
Certificates issued by QTSP in accordance with eIDAS standards are known as "Qualified Certificates" and provide a special status in certain legal and regulatory contexts throughout the EU.
Why do I need PSD2 qualified certificates?
PSD2 electronic certificates are used to identify banks and PSPs, to verify the functions for which they are licensed, to encrypt communications and, in some cases, to provide tamper-proof seals on data or transactions.
Due to the sensitivity of financial services transactions, requirements have been established specifying that only certificates issued by a qualified QTSP are admissible..
ANF AC is officially accredited to provide PSD2 qualified certificates.
ANF AC is the only QTSP
which has achieved official accreditation for 100 % of eIDAS services, and is the first QSTP to be authorised for PSD2 issuance.
What kind of certificates do I need for PSD2 compliance?
PSD2 specifies two types of qualified electronic certificate, which must be issued by a QTSP that is accredited on the eIDAS Trusted List (TSL) to provide the following services:
QUALIFIED CERTIFICATE FOR WEBSITE AUTHENTICATION (QWAC)
