Certificates for PSD2
Qualified certificates for payment service providers enabling the provision of these services under PSD2.
The EU directive PSD2 (Payment Services Directive II) on payment services in the internal market was implemented by Poland on June 20, 2018 as an amendment to the Payment Services Act. The directive opens the financial market to non-banking entities (Third Party Providers, TPP), who – with the customer's consent – will be able to initiate a payment and obtain data concerning his/her bank account, e.g. transaction history.
The PSD2 directive provides for the necessity to secure the communications between payment institutions in such a way as to ensure the integrity and authenticity of data transferred. This means that starting from 2019 every entity exchanging such information is obligated to used special eIDAS qualified certificates:
This is an electronic attestation associating data used for electronic seal validation with a legal person and confirming that person's name, issued by a qualified trust service provider.
This is an attestation enabling website authentication and attributing a website to a natural or legal person, issued by a qualified trust service provider.
Certificates with validity periods from 1 year to 2 years can be received by every entity that obtains a permit for the provision of services under PSD2 from the Polish Financial Supervision Authority. KIR offers both types of certificates. Certificates can be ordered at the website of the Szafir on-line store. Procedure for ordering certificates for PSD2 at KIR is provided here.
Certificates with data for PSD2 may be received electronically, with no need to visit a KIR branch. What is required is sending, by e-mail, a request signed with a qualified electronic signature, verified by means of a qualified certificate of a person authorized to collect the certificate, indicated in the order. The prepared certificate will be sent back by electronic mail to the authorized person.
The certificates issued by KIR have special extensions to PSD2, required by the technical specification ETSI TS 119 495 v 1.2.1. (Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Qualified Certificate Profiles and TSP Policy Requirements under the Payment Services Directive (EU) 2015/2366).
What do I need to order a certificate at KIR?
- valid contract for the provision of trust services
- indication of the person authorized to collect the certificate
- confirmation of identifiers given by a competent authority
- purchase order signed by persons authorized to represent the bank (in paper form or electronically with a qualified signature)