An Introduction to the Regulatory Technical Standards for Strong Customer Authentication – Part 1: eIDAS

November 09, 2020

A major challenge faced by the EU in the creation of a Digital Single Market is finding the right balance between processes that can be harmonized and standardized and those that need to remain flexible to cater to the demands of the various Member States.

It is clear that eIDAS was designed not only with this in mind, but with it as the fundamental guiding principle.

eIDAS has been designed to allow for seamless (cross-border) operations while ensuring technological neutrality and flexibility in terms of how its minimum standards need to be met. The Regulatory Technical Standards for Strong Customer Authentication were released to supplement the PSD2 Directive and they also supplement the provisions of the eIDAS Regulation.

Main elements of the Regulatory Technical Standards

The Regulatory Technical Standards (RTS) are a Commission Delegated Regulation. They cover four broad areas:

  • Defining the requirements for achieving Strong Customer Authentication (SCA) in accordance with PSD2 and eIDAS. SCA requires the verification of user elements relating to possession, knowledge and/or inherence. SCA is a central element for both eIDAS and PSD2, and the Regulatory Technical Standards shed light on the appropriate use of these elements, the need to keep them independent of each other, and other related aspects.
  • Specifying the conditions for exemptions from SCA in certain specific situations. Achieving SCA has a time and monetary cost, which affects not only the payment service provider but the end customer as well. Therefore, there are certain conditions under which SCA may not be required, such as small amounts or recurring transactions. However, there is a dynamic element here as well: service providers are required to perform real-time transaction risk analysis and insist on SCA even for exempt cases when an adverse alert is raised.
  • Protecting the end user from having his or her security credentials compromised in any way. RTS specifies multiple requirements to ensure this – like masking and encrypting security credentials and adequately protecting cryptographic materials from unauthorized access.
  • Establishing common standards for things like open and secure communications between the various parties involved in a transaction. RTS mandates elements like session IDs, timestamps, transactional logging and traceability. The flow of communication between Payment/Information Service Providers, customers and other involved parties is also a fundamental security requirement and is covered by RTS.

eIDAS and RTS

RTS mandates the use of eIDAS-defined qualified certificates and seals for identification. It states that “To improve user confidence and ensure strong customer authentication, the use of electronic identification means and trust services as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council should be taken into account, in particular with regard to notified electronic identification schemes”.

This is obviously a crucial element necessary for the smooth operation of the larger machine. The use of eIDAS-enabled electronic identification means and trust services in ensuring Strong Customer Authentication makes these two directives complement each other pretty well and takes us further along the path to a Digital Single Market.

References and further reading

  • Selected Articles on eIDAS (2018 – today), by Gaurav Sharma, Dawn Turner, Utimaco and more
  • Selected Articles on PSD2 (2018 – today), by Gaurav Sharma, David McNeal, Utimaco and more
  • REGULATION (EU) No 910/2014 on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market and repealing Directive 1999/93/EC (28.8.2014), by the European Parliament and the Council
  • COMMISSION DELEGATED REGULATION (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 with regard to Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication (27.11.2017), by the European Parliament and the Council