PSD2 Online Banking

All companies, that present themselves as a third-party payment service provider (TTP) to comply with the new PSD2 Payment Services Directive, must use digital qualified certificates that meet the requirements of this directive to safeguard the security of information and financial transactions.

Multicert, as Qualified Trust Service Provider accredited by eIDAS, is already providing PSD2 certificates to banks, credit institutions and payment service providers according to the specifications below. 

According to PSD2 Regulatory Technical Standards it is required to use Qualified Electronic Seal Certificate (QSEALC) and Qualified Website Authentication Certificate (QWAC) in compliance with ETSI TS 119495 standard ETSI TS 119 495.

Qualified Website Authentication Certificate PSD2 [QWAC PSD2]

• Server/Client mutual Authentication
• From/To Authenticity
• Integrity
• Confidentiality

Qualified Electronic Seal Certificate PSD2 [QSealC PSD2]

• Message Signature
• From/To Authenticity
• Integrity
• No-repudiation

It also includes test and production certificates that can be available within 3 business days. Available for all European countries. Once issued, they are valid for 2 years.

Inherent benefits of PSD2 certificates to services between payment providers and financial institutions

• Transactions take place on secure channels
• Guarantee of authenticity and data integrity
• Face the risk of fraud and malicious activities
• Greater openness and competitiveness in the banking sector
• Increased security in online payments