header image

How to identify Services Providers in #PSD2 acording to #eIDAS

On February 13th 2017 the EBA published its final draft on  Regulatory Technical Standards on strong customer authentication and secure communication under PSD2 The official status of the document is “Final draft adopted by the EBA and submitted to the European Commission”. This document is the basis of the one published by the Parliament after some parts of it will be ammended, but we still don´t know what will remain.

In this RTS draft, Article 29 states:

  1. For the purpose of identification, as referred to in point (a) of Article 21(1), payment service providers shall rely on qualified certificates for electronic seals as defined in Article 3(30) of Regulation (EU) No 910/2014  or for website authentication as defined in Article 3(39) of that Regulation.
  2. For the purpose of this Regulation, the registration number as referred to in the official records in accordance Annex III (C) of Regulation (EU) No 910/2014 shall be the authorisation number of the payment service provider issuing card-based payment instruments, the account information service providers and payment initiation service providers, including account servicing payment service providers providing such services, available in the public register of the home Member State pursuant to Article 14 of Directive (EU) 2015/2366 or resulting from the notifications of every authorisation granted under Article 8 of Directive 2013/36/EU in accordance with Article 20 of that Directive.
  3. For the purposes of this Regulation, qualified certificates for electronic seals or for website authentication referred to in paragraph 1 of this Article shall include in English additional specific attributes in relation to each of the following:
    1. the role of the payment service provider, which maybe one or more of the following: an account servicing payment service provider; a payment initiation service provider; an account information service provider; a payment service provider issuing card-based payment instruments
    2. the name of the competent authorities where the payment service provider is registered.
  4. The attributes referred to in paragraph 3 shall not affect the interoperability and recognition of qualified certificates for electronic seals or website authentication.

In general, such register is maintained by the Bank Authority (BA)  of every country. In Spain, the Registry is the Bank of Spain, which identifies every provider with a four digit number.

EADTrust is now ready to issue certificates for legal persons working in Fintech environments including identification acording with the above mentioned RTS draft and ETSI EN 319 412 standard.

According with these rules, the certificate serial number wil have this aspect: BA:COnumber. BA stands for Bank Authority, and CO is the 2-letters country identifier in ISO 3166-1 alpha-2 format. The number is the official registration number in the Bank Authority  for the payment related service provider.

For instance, BBVA will have this identification number accoding to #eIDAS and #PSD2: BA:ES0182 since it has the 0182 registration number as spanish bank in the Bank of Spain registry.

~ by jinza on May 12, 2017 .

Leave a Reply

You must be logged in to post a comment.