Skip To Main Content

Certificates

Solutions

Join our Newsletter

Contact Us

PSD2 Certificates

We have already helped numerous Nordic banks and third-party providers become PDS2 compliant, and we are ready to help you as well.

More Openness Requires More Security

In traditional banking, a customer interacts with banks and Payment Service Providers using separate logins. Apart from being a hassle, the traditional banking setup also lacks transparency regarding agreements and general terms.

Why Open Banking?

Open Banking is an evolution that supports digitalization, innovation, and competition in the financial market.

The movement is regulated through Payment Services Directive 2 — PSD2 in short:

The overall purpose of the PSD2 initiative is to increase competition in the financial market, giving customers greater freedom of choice, more transparency, cheaper products, and better solutions for managing and optimising daily finances.

QWAC and QSealC

Open Banking requires specific Qualified Certificates — two new types of digital certificates which must be used to comply with the PSD2 regulation:

QWAC: A digital certificate comparable to an EV SSL/TLS certificate. This certificate ensures identification in the transport layer. It is used for site authentication so that banks, Payment Service Providers, and TPPs can be sure of each other’s identities.

QSealC: A digital certificate that seals and ensures data integrity when information is shared between a bank, a Payment Service Provider, and a TPP.

Qualified Trust Service Provider

TRUSTZONE is an authorised partner with several Qualified Trust Service Providers (QTSPs), and we can provide all certificates and certificate configurations needed to comply with the requirements of the PSD2 regulation.

We have already helped several Nordic banks and third-party providers become compliant, and we are ready to help you as well.

More secure

With PSD2, banks and Payment Service Providers must share their customers’ account information via open APIs, allowing a TPP like SPIIR to present a customer’s engagement overview from multiple AISPs via a single APP — simple and transparently.

A crucial element of the PSD2 Regulation is Strong Customer Authentication (SCA). SCA is a principle to ensure that customer data and account information are shared securely and authorised. SCA is obtained using PSD2 certificates: QWACs and QSealCs.  QWACs and QSealCs are variants of eIDAS-qualified certificates and may only be issued by Qualified Trust Service Providers (QTSPs).

What Do I Need for My Financial Business, a QWAC or QSealsC?

QWAC
QSealsC
Where is it used?Identifies endpoints, protects data during communicationIdentifies origin of document or data and makes it tamperproof in communication and storage
Security featuresConfidentiality, authentication, and integrityAuthentication and integrity
Security features applicable toData in transitData at rest, data in transit
Does it provide legal evidential value for transactions?NoYes, under PSD2

PSD2 Features

Most Popular

QWAC

QSealsC

Where is it used?

Identifies endpoints, protects data during communication

Identifies origin of document or data and makes it tamperproof in communication and storage

Security features

Confidentiality, authentication, and integrity

Authentication and integrity

Security features applicable to

Data in transit

Data at rest, data in transit

Does it provide legal evidential value for transactions?

No

Yes, under PSD2

FAQ – PSD2 Certificates

What are PSD2 certificates?

PSD2 certificates are electronic certificates used to identify parties involved in online financial transactions in accordance with the EU’s Payment Services Directive 2 (PSD2) regulation.

What is the purpose of PSD2 certificates?

Generally, A Code Signing Certificate is built on the term “Public Key Infrastructure” (PKI) like SSL certificates, which includes a public key and a private key. A Private Key is used to sign the data, and the use of a public key is to confirm the sign of the data.

With the sign of software code, you can timestamp your code to avoid annoying expiry of the digital certificate. Users can trust signed software and they can download it easily, also increases reliability among software users.

A Code Signing software is useful to sign content like software objects, configuration files, manual, virus updates, device drivers, and similar.

Are there different types of PSD2 certificates?

Yes, there are three types of PSD2 certificates: Qualified Website Authentication Certificates (QWACs), Qualified Certificate for Electronic Seals (QSealCs), and Qualified Certificate for Electronic Signature (QES).

3,000+ companies already trust us: