eIDAS meets PSD2: taking stock of the event

On 20th March “eIDAS meets PSD2: Securing access to financial services with qualified certificates” took place. It was a joint event with Open Banking Europe and ETSI, the EU telecommunication Standard Institution, one of the bodies recognised from the Commission for standards. The event was the opportunity to exchange information between the different players involved in the PSD2.
It was a huge success.

Session 1: Discussion on PSD2 meets eIDAS – Moving from regulation to operation
John Broxis, PRETA/Open Banking Europe
Gabor Bartha, European Commission DG Connect
Ann Borestam, European Central Bank

The active dialogue began with a panel moderated by John Broxis, Managing Director of PRETA the company that developed and launched Open Banking Europe, to explore opportunities and challenges of innovation in Europe. The discussion was led by Gabor Bartha, representing DG Connect, the entity responsible to carry out the Commission’s policies and Ann Borestam, representing the European Central Bank. After analysing the idea behind PSD2 to facilitate online shopping, the discussion focused to eIDAS: the set of standards for electronic identification and trust services for electronic transactions in the European Single Market necessary to the parties to identify themselves and necessary to overcome the national fragmentation.

Session 2: Background to PSD2 XS2A, eIDAS and Certificate profile – Payment service directive (PSD2) Context
John Broxis, Open Banking Europe
– eIDAS Qualified Trust Service Providers (QTSPs) and Qualified Certificates
Nick Pope, ETSI TC ESI
– Introduction to Qualifie Certificates Supporting PSD2
Michal Tabor, ETSI TC ESI

In the second session, John Broxis explained the background of PSD2 XS2A: “ASPSPs have the obligation to allow access to regulated entities, and block access to those that do not have access.” To do that, ASPSPs will have to use eIDAS certificates for Identification and National registers for the Authorisation of a party. In order to facilitate dialogue between parties, Open Banking Europe was launched to design a directory to hold standardised data on all regulated players because “only working together we will avoid fragmentation and meet the EU single area vision”.
Nick Pope took the floor explained the background of ETSI eIDAS standards and in particular the ones for QTSPs that can be issued for individuals or organisations in the form of Qualified Certificates for Seals (QCSEALs) or Qualified Website Certificates (QWACs).
The stable draft of the above mentioned PSD2 Qualified Certificate standard can be found here.
Michal Tabor made an introduction to PSD2 Qualified Certificate standard laying the groundwork for the following demo. He analysed the required data and policy requirements for the certificate issuance.

Session 3: Demonstration of the PSD2 Qualified Certificate registration experience and an example of secuiring end to end transaction with PSD2 certificates
Chris Kong, Azadian
Kornel Reti, Microsec
Luigi Rizzo, INfoCert

During this session, Chris Kong (Azadian), Kornel Reti (Microsec) and Luigi Rizzo (Info Cert) made a demo to explain and show concretely the required data, the certificate issuance and revocation. They made a comprehensive analysis of the qualified certificate and showed a real and live example of the certificate request process for a QSeal, the revocation that can be requested by the PSP or the NCA and the end of validity due to revocation of expiration of certificate.

Session 4: Roundtable on how eIDAS meets PSD2
John Broxis, PRETA/Open Banking Europe
Nick Pope, ETSI TC ESI

Participants :
Carmine Auletta, INfoCert SpA
Oliver Bieser, Deutsche Bank
Thomas Kopp, Luxtrust
Julie Connor, Bank of Ireland
Kornél Réti, Microsec
Christian Seegebarth, D-Trust GmbH
Michał Tabor, ETSI TC ESI
Elzbieta Wlodarczyk, National Clearing House Poland, KIR

A closing roundtable moderated by John Broxis, OBE and Nick Pope, ETSI, brought together InfoCert, Deutsche Bank, Kir, Luxtrust, Bank of Ireland, Microsec, D- Trust, ETSI and OBE to respond to key question the financial industry had about the practicalities of using eIDAS certificates for PSD2.
This focussed on the operational practicalities of getting certificates. Where do you get them, when will they be available, can they be obtained from QTSPs in other countries, how to get test certificates, are QTSPs ready to deal with different languages.

eIDAS certificates are real, working and will be available once the standard is complete in May. QTSPs are ready to offer services. Financial institutions need to start working to choose their strategies.
The event gathered together ASPSPs, TPPs, SPs, QTSPs and Competent Authorities and was the occasion to deepen the concepts behind PSD2 world and perspective of all involved players.

For further information about eIDAS meeting PSD2 or other related topics please contact us.
Presentations showed during the event can be found here

Video of the event can be found here