eIDAS & strong customer authentication under PSD2

November 09, 2020

Since the beginning of 2018, PSD2, the second Payment Services Directive, has been national law in all EU member states. Some countries, such as Germany and the UK, implemented the new directive early on, but for some it is still work in progress today.

The Second Payment Services Directive focuses on providing access for non-banking third-party providers (TPPs) to bank customer account information (after the customer’s approval, of course). You may have heard of “open banking” or “open APIs” – this is the facilitator for PSD2. For the first time, TPPs may access account information, confirm availability of funds and even initiate payment transactions.

In today’s blog post, we will take a closer look at the link between PSD2 and the European eIDAS regulation. A number of previous blog posts focused on eIDAS: local vs remote signing, sole control of signing keys, eIDAS for banking & financial services.

eIDAS offers a comprehensive toolset for secure cross-border identification and transactions, in this case online financial and payment transactions.

  • Qualified website authentication certificates securely identify the (payment) service provider behind a website and confirm it is a trustworthy page to connect and log in to.
  • Qualified electronic seals can prove the origin and integrity of information or documents made available by a company.
  • Means of electronic identification (eID) play a vital role for strong authentication mechanisms as required under PSD2.

Let’s dive into the concept of Strong Customer Authentication (SCA) a little more. In the context of PSD2, the European Commission will introduce a Delegated Regulation on Regulatory Technical Standards (RTS) by September 2019. It applies to customer-initiated online payments within the European Economic Area and provides a technical framework for secure authentication and communication. SCA requires businesses to work with two independent authentication mechanisms of a different nature to execute a customer’s payment transaction. This is of great importance when open banking APIs are in play, where banks must be able to securely identify customers (i.e. the process of authentication) for compliance with PSD2. “Something the customer knows / has / is” shall be used in combination. The eID, with its cross-border usage and recognition as governed by the eIDAS regulation, can constitute an authentication mechanism based on what a user has (eID card) and knows (PIN).

The Regulatory Technical Standard also requires qualified certificates for electronic seals and website authentication, as described above and defined by eIDAS.

When opening a bank account, the payment service provider can attach their electronic seal to all documentation provided to the future customer. Next, the customer’s identity must be verified under the AML4 directive, which can be done by means of a notified eID throughout Europe. In the next process step, contract signing, a qualified electronic signature may be required when the contract is signed remotely. For account login, SCA is required in certain cases, while it is mandatory for most cases of transaction authorization and payment initiation.

A number of exemptions exist for SCA mechanisms, such as low-value transactions, the same recurring payments to the same recipient, or payments to trusted beneficiaries listed with the customer’s bank.

Utimaco HSMs support all the above-mentioned trust services required by PSD2 and the related RTS. If you have any questions or require assistance evaluating your security needs, please do not hesitate to reach out to us.

A first version of this article was published on December 07, 2018
