Qualified Website Authentication Certificates (QWAC)
PSD2 certificates require the applicant to provide the following information:
A third-party provider that wants to access customer bank accounts within the EU or their associated data needs to obtain a license and unique PSD identifier from its National Competent Authority (NCA) in the EU member state with regulatory authority over the third-party provider. There are different types of licenses that each determine the data access rights or “roles” of the third-party provider in accordance with their business model.
A third-party provider that wants to gain access to bank accounts, and a bank that is providing third-parties with access to customer account data, must each identify themselves with one or more PSD2 certificates, which are built on the foundation of Qualified Web Authentication Certificates (QWACs). Entrust EU will offer both types of certificates.
Banks must also make an API available to Third-Party Providers that enables access to customer bank accounts or account information. A bank’s identity will be confirmed through its own Qualified Website Certificate.
Before applying for a PSD2 certificate a third party must first register as a payment service provider with its National Competent Authority (NCA). After the third party receives its NCA license, Entrust EU can then complete verification (including all verification required for Extended Validation or EV certificates) and issue the third party with a PSD2 certificate.