Qualified certificates for payment service providers enabling the provision of these services under PSD2.
The EU Directive PSD2 (Payment Services Directive II) on payment services in the internal market was implemented by Poland on 20 June 2018 as an amendment to the Act on Payment Services. The directive opens the financial market to non-bank entities (Third Party Providers, TPP), which, with the customer's consent, will be able to initiate a payment and obtain data regarding the customer's bank account, for example the transaction history. The PSD2 directive provides for the need to secure communication between payment institutions to ensure the integrity and authenticity of the transmitted data. This means that from 2019, every entity exchanging such information shall use special qualified eIDAS certificates:
It is an electronic credential, which links electronic seal validation data to a legal entity and confirms the name of that entity and is issued by a qualified trust service provider.
- qualified website authentication certificate
This is a credential, which authenticates websites and assigns a website to an individual or a company and is issued by a qualified trust service provider.
Certificates with a validity period of from 1 year to 2 years can be obtained by any entity, which obtains permission from the Polish Financial Supervision Authority to provide services under PSD2. KIR offers both types of certificates. The procedure for ordering certificates with PSD2 data is available here. Certificates with PSD2 data can be obtained electronically without the need to visit a KIR branch. The condition is to send an e-mail request with a qualified electronic signature, which is verified with a qualified certificate of the person authorised to receive the certificate indicated in the order. The prepared certificate will be sent back to the authorised person by e-mail. Certificates issued by KIR have special extensions to PSD2 required by the technical specification ETSI TS 119 495 v 1.2.1 (Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Qualified Certificate Profiles and TSP Policy Requirements under the Payment Services Directive (EU) 2015/2366).