PSD2-compliant qualified and advanced seals for Enterprises, Businesses, and Organizations
Delivered Digitally
Delivered on Qualified Physical Token
Why do I need Qualified certificates for PSD2?
Under PSD2 (the European Union’s Revised Payment Service Directive) digital certificates are used to identify financial institutions including banks and PSPs (Payment Service Providers), to verify the roles for which they are licensed, to encrypt communications, and, in some cases, to provide tamperproof seals on data or transactions.
Due to the sensitivity of financial services transactions, the PSD2 Regulatory Technical Standards (RTS) specify that only eIDAS certificates issued by a Qualified Trust Service Provider (QTSP) may be used for the identification of PSPs.
PSD2 specifies two types of digital certificate for secure communications:
Qualified Website Authentication Certificate (QWAC) used with SSL/TLS protocol such as is defined in IETF RFC 5246 or IETF RFC 8446 to protect data in peer-to-peer communications and to identify who controls the end points.
Qualified Certificate for Electronic Seals (QSealC) create e-seals used to protect data or documents using standards such as ETSI’s PAdES, CAdES or XAdES, and assert their origin from a legal entity.
Getting Your PSD2 Qualified Certificate
Once a certificate is ordered, you will be guided through the steps of passing the necessary validation checks so that your certificate can be issued. It's very important to understand the requirements for validation so your certificate can be issued as quickly as possible.
Typically the CSR, where required, is submitted with the order. A CSR is only needed for QWACs or certificates that will be installed by you on an HSM or other device.
Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to agree to the agreement, after which the Complete Your eIDAS Request page is displayed, where you can monitor the progress of your order. The page shows all the steps that need to be completed for Sectigo to be able to issue your PSD2 certificate.
The individual making the order must provide proof of their identity.
Face to face verification is used to verify your identity. This requires completion of the face-to-face form that will be provided to you by Sectigo, along with instructions for completing the form. The completed form must be notarized and accompanied by:
The email address used for the order is verified.
You will receive an email verification email. Follow the instructions in the email to verify your email address.
For orders made on behalf of an organization, proof that the signer of the agreement is an authorized representative of the organization is required.
As part of the verification, Sectigo verifies the phone number provided with the order. You will receive an email with instructions, and the process will involve a callback to the phone number that was verified as part of the organization identity.
The callback verifies the following:
For orders involving legal persons, Sectigo will verify the physical, legal, and operational existence of the organization.
As part of the verification, Sectigo verifies the organization details provided with the order, including:
You may be required to provide additional documentation and receive callbacks.
For PSD2-compliant certificates, additional evidence that the organization is registered with and approved by the relevant NCA (National Competent Authority) is also required.
