PSD2: the second Payment Service Directive designed by the European Commission
With a September 2019 deadline, time is now running out for Banks and Payment Service Providers (PSP) who need to comply with PSD2. This Directive requires that all transactions to be handled through secure channels and all data shall be protected concerning authenticity and integrity. These two requirements can be met by using a Qualified Website Authentication Certificate (QWAC) PSD2 and/or a Qualified electronic Seal Certificate (QSealC) PSD2. Both types of certificates MUST be validated using the European Members States Trusted Lists (in contrast to using trust stores of the underlying OS or Browser).
- Improve security of payment
- Ensure better consumer protection
- Taking into account modern payment methods like mobile payment and online payment
- Keep growing innovation in the payment space
Finding the right Qualified Certificates directly supporting PSD2 for you
To help companies to comply with this Directive, LuxTrust offers both Qualified Certificates PSD2:
- The Qualified Website Authentication Certificate (QWAC) PSD2, which allows both parties (Banks and Payment Service Providers) to identify each other and build a secure channel for performing transactions. This secure channel protects confidentiality, authenticity and integrity of data sent over the channel. The approach is suitable when traversing a single network path between communicating payment service providers.
- The Qualified electronic Seal Certificate (QSealC) PSD2, which allows sealing of all content, including all data and transaction requests and confirmations. This protects authenticity and integrity of sent payload. This approach is suitable when traversing multiple network paths between communicating payment service providers.
Test certificates are available and can be requested via firstname.lastname@example.org.
In addition, LuxTrust also offers solutions to seal in PSD2 mode and validate PSD2 sealed content as well as QWAC.
- Qualified Trust Service Provider (QTSP) on the EU Trusted List
- Solutions especially developed to meet PSD2 requirements
- Strong Customer Authentication (SCA) solutions (Mobile App, Token, Smartcard and Signing Stick); PSD2 compliant, recognized and validated by the CSSF (Commission de Surveillance du Secteur Financier in Luxembourg)
- Experts in the PSD2 field
- Offer technical and compliance assistance