
PSD2 Seals - QSealC & Advanced Certificates

PSD2-compliant qualified and advanced seals for Enterprises, Businesses, and Organizations

Sectigo Seal For PSD2

Delivered Digitally

Sectigo Seal For PSD2 QSCD

Delivered on Qualified Physical Token

PSD2

Why do I need Qualified certificates for PSD2?


Under PSD2 (the European Union’s Revised Payment Service Directive) digital certificates are used to identify financial institutions including banks and PSPs (Payment Service Providers), to verify the roles for which they are licensed, to encrypt communications, and, in some cases, to provide tamperproof seals on data or transactions.

Due to the sensitivity of financial services transactions, the PSD2 Regulatory Technical Standards (RTS) specify that only eIDAS certificates issued by a Qualified Trust Service Provider (QTSP) may be used for the identification of PSPs.

What types of certificates do I need for PSD2 compliance?

PSD2 specifies two types of digital certificate for secure communications:

  • Qualified Website Authentication Certificate (QWAC): used with the SSL/TLS protocol, as defined in IETF RFC 5246 or IETF RFC 8446, to protect data in peer-to-peer communications and to identify who controls the endpoints.

  • Qualified Certificate for Electronic Seals (QSealC): used to create e-seals that protect data or documents using standards such as ETSI’s PAdES, CAdES or XAdES, and that assert their origin from a legal entity.

Validation and Issuance - IMPORTANT

Getting Your PSD2 Qualified Certificate

Once a certificate is ordered, you will be guided through the steps of passing the necessary validation checks so that your certificate can be issued. It's very important to understand the requirements for validation so your certificate can be issued as quickly as possible.

Typically the CSR, where required, is submitted with the order. A CSR is only needed for QWACs or certificates that will be installed by you on an HSM or other device.

Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to accept the agreement. The Complete Your eIDAS Request page is then displayed, where you can monitor the progress of your order. The page shows all the steps that must be completed before Sectigo can issue your PSD2 certificate.

The individual making the order must provide proof of their identity.

Face-to-face verification is used to verify your identity. This requires completing the face-to-face form, which Sectigo will provide to you along with instructions for completing it. The completed form must be notarized and accompanied by:

  • A notarized copy of government-issued photo ID.
  • Status of Author to verify the licensing status of the notary.

The email address used for the order is verified.

You will receive a verification email. Follow the instructions in the email to verify your email address.

For orders made on behalf of an organization, proof that the signer of the agreement is an authorized representative of the organization is required.

As part of the verification, Sectigo verifies the phone number provided with the order. You will receive an email with instructions, and the process will involve a callback to the phone number that was verified as part of the organization identity.

The callback verifies the following:

  • The phone number is that of the organization.
  • The authenticity of the order and that it was placed by the organization.
  • The signature on the agreement is confirmed by the signer.
  • The authority of the signer to enter into an agreement.

For orders involving legal persons, Sectigo will verify the physical, legal, and operational existence of the organization.

As part of the verification, Sectigo verifies the organization details provided with the order, including:

  • the legal identity and existence of the organization
  • the physical existence of the organization
  • the operational existence of the organization

You may be required to provide additional documentation and receive callbacks.

For PSD2-compliant certificates, additional evidence that the organization is registered with and approved by the relevant NCA (National Competent Authority) is also required.