Back to resources

February 19, 2019

Blog postBank & FinanceEJBCA EnterpriseEJBCA Hardware ApplianceTrust Service Provider

PSD2 – creating both opportunities and to-do’s

PSD2 list

2019 has just started and for banks and FinTech companies the magic month of the year is due in September. This is when PSD2 (Payment Services Directive 2) comes in to play, as formally approved by the European Parliament and the European Council in February 2018. Since then there has been an 18-month implementation and testing period. So, in just 8 months’ time, banks and FinTech companies must comply with the new directives.

PSD2 is another step towards a digital single market in the EU. The objectives with the legislation from an European Union perspective are to support new innovative banking services and channels as well as to improve customer experiences and security*.  PSD2 follows the new “API economy” where services and data are made available in a standardized way also to applications and players outside the traditional scope of that application. In particular for non-banks (FinTech), but also banks, this opens up doors for new innovative services that gathers data from multiple sources, mix and match, and create something new. An important piece of the puzzle of enabling new “PSD2 – banking services” is the trust and long-term commitment offered by many Trust Service Providers (TSP). This trust is based on secure communication and authorization between the bank and FinTech companies, through eIDAS QSEALC and QWAC. In other words, the PSD2 legislation opens new opportunities for TSPs who have invested in PKI and an eIDAS compliant infrastructure, electronic signatures, electronic seal and time-stamp services. PSD2 mandates that banks need to open their APIs for allowing third-parties to access customer accounts, to read data or to initiate transactions. This is done to enable two new types of service providers; Account Information Service Providers (AISP) and Payment Information Service Providers (PISP). AISPs typically provide aggregated information to the end customers and PISPs initiate payments for the end customer from the customer’s selected bank. Apart from establishing trust, this also requires the banks to properly gather and manage customer consent for these new third-party services. To assure reliability and security in this new extended eco-system PSD2 mandates strong customer authentication, multi-factor authentication (MFA), of end users.  The legislation also requires, as mentioned above, eIDAS qualified certificates (PSD2 QWAC and/or QSEALC are specified in ETSI TS 119 495) to secure the communication between the banks and third parties.

PSD2 eco system

PrimeKey has since many years been working with TSPs in Europe and in December 2018 we had over 30 customers that are certified eIDAS Trust Service Providers. In our continuous customer dialogues, we have in the past 9-12 months gotten more and more requests from our TSP customers with regards to PSD2 and it is apparent that it will mean new business for them. Over hundred thousand organizations, Fintechs and banks, are right now involved in the support for, or development of, new services that are driven from new innovative online and mobile payments opportunities that have become possible with PSD2.

PrimeKey’s PKI platform EJBCA Enterprise 7.0.1, due end of February 2019, supports certificates required by PSD2 and together with our customers and partners we want to support innovation and best practices in the banking sector.

* European Commission

Read more

PrimeKey on eIDAS  

Malin Ridelius

Author

Malin Ridelius

Malin Ridelius joined PrimeKey in March 2018 as Product Marketing Director. Malin has been working in product management/marketing and business development roles at several security companies including Giesecke & Devrient, HID Global and Nexus. She has 20 years’ experience in PKI, digital identities and electronic signatures, smart cards and related solutions. Contact Malin: malin.ridelius@primekey.com  

Related blog and news

iStock-1058408164-scaled
2022-05-27
Blog post
IoT & IIoT security
Manufacturing

Securing the IoT at Scale: How PKI Can Help

Building design concept. Engineering of autonomous system of smart building. Drafting of communications of house. Project development of apartment house. Architectural drawing, blueprint of facade.
2022-05-13
Blog post
IoT & IIoT security
Manufacturing

How Product and Manufacturing Leaders Rate IoT Device Security in 2022

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.
Confirm choices Accept all