This is custom heading element

The European Union Directive PSD2 (Payment Service Directive 2) announced in 2016 implements an open banking API on European market, enabling third parties to initiate payments and access to the client’s bank accounts. The directive and regulatory standards require that all transactions should be processed via secure channels and that all the data should be protected in terms of authenticity and integrity.

This is custom heading element

To meet security requirements, banks (or generally the account servicing payment service provider – ASPSP) and external PSD2 service providers (Third Party Provider, TPP) will use qualified certificates for websites (QWAC) and qualified certificates for electronic seal (QSealC). These certificates will be issued by qualified trust service providers (QTSP) based on the new technical standard ETSI TS 119 495, which was published in May, 2018.

This is custom heading element

The QWAC and QSealC certificates described above must be qualified in accordance with the EIDAS Regulation. In order to validate the qualified EIDAS certificate, the validating entities must significantly extend the validation tools. Among others, following challenges must be addressed:

Considering mentioned above, it is not possible to use standard tools to validate the certificate, based on hardware solutions such as NetScaler or F5.

This is custom heading element

Besides certificates validation, before transaction ASPSP must confirm that TPP:

Verification of the above mentioned requirements is possible by confirming the actual state in the registers kept by the competent national authority. The option it is to query the EBA register which needs to be updated on a regular basis by the competent national authority due to the PSD2 directive.

This is custom heading element

In order to meet the RTS requirements (article 33 and 34) beneath there are requirements that ASPSP should implement:

The APILogic TPP Validator through the provided functionality supports the implementation of the requirements described in Article 33 and 34 of Commission delegated regulation 2018/389 (RTS)

This is custom heading element

This is custom heading element

APILogic TPP Validator is a software for checking certificates and the status of a license or entry in the register of payment institutions. APILogic Validator performs its services in accordance with European legislation. In particular APILogic TPP Validator supports the eIDAS Regulation, the PSD2 Directive and other related standards.

This is custom heading element

This is custom heading element

This is custom heading element

APILogic TPP Validator has a PROXY module that validates the certificate before forwarding the request to the emergency interface. Thus, it provides the requirements of article 33 and 34 of the RTS standard.

This is custom heading element

In this model, APILogic TPP Validator provides REST services that validate PSP requests forwarded to the API Gateway. The API Gateway calls the APILogic TPP Validator to validate the certificate and the PSP license before passing the request to the actual PSD2 services.

This is custom heading element

This is custom heading element

This is custom heading element

This is custom heading element

CALL ME
+
Call me!