Salt Edge is the first Open Banking vendor to add the support of eIDAS PSD2 certificates in its system for TPP identification when they access ASPSPs’ channels. Now, the company’s clients that act as payment service providers (AISP, PISP, PIISP, ASPSPs) and that use Salt Edge as a technical service provider (TSP) are able to generate certificate requests and upload signed eIDAS certificates into the clients’ dashboard.
The PSD2 Regulatory Technical Standard (RTS) specifies that TPPs should be able to use a certificate issued by any eIDAS Qualified Trust Service Provider (QTSP) in order to identify and authenticate themselves when accessing ASPSP channels. And, Salt Edge is the first Open Banking TSP that has implemented a self-service generation of Certificate Signing Request (CSR) for test and live usage in its system. The platform supports the generation of both QWAC and QSEAL eIDAS certificates signature requests. This implementation meets the strict PSD2 requirements and helps with maintaining the highest level of security in the new Open Banking era.
In its Opinion on the use of eIDAS certificates under the RTS on SCA and CSC, European Banking Authority (EBA) advises the TPPs that use TSPs (e.g. Salt Edge) to create and use a separate eIDAS certificate for each TSP. This should ensure business continuity and better risk management, because the legitimacy of one certificate would not be affected by the expiration/revocation of any other. As Salt Edge strives to offer highly secure and reliable service, the company will support the usage of dedicated eIDAS certificates.
The whole process of eIDAS certificate generation requires a few easy steps:
- Generate a CSR in the Salt Edge client dashboard (separate CSRs are generated for each type of certificates, i.e. QWAC and QSEAL);
- Send the generated CSR file to QTSP for issuing the eIDAS certificate;
- Upload the signed eIDAS certificate in the client dashboard for the corresponding CSR.
Salt Edge has built this system after consulting with numerous QTSPs and made sure to set up the most optimal and seamless flow of eIDAS certificate usage for its clients. Licensed TPPs are encouraged to already start this simple and secure journey via Salt Edge platform and get one step closer to a successful PSD2 project implementation.