Onboarding
Note: PSD2PSD2 stands for Payment Services Directive 2 and is a new EU regulation in effect since September 14, 2019. It governs electronic and other non-cash payments.
The main provision of PSD2 is for Strong Customer Authentication (SCA), a process that seeks to make online payments more secure and reduce fraud while increasing authorisation rates.
The European Banking Authority (EBA) recently extended the deadline for PSD2 compliance until December 31, 2020. licensing requirements dictate that a TPP using
Qualified Third-Party Service Provider – a TPP authorized in their home country by the financial supervisory competent authority to provide services listed in the PSD2 directive. Qualified Certificates supporting PSD2 include information about the authorization number of the TPP, its home country’s supervisory competent authority and its roles. This information is verified by a Qualified Trust Service Provider (QTSP) when the TPP requests the certificate; after which, this information is included in the certificate for the purpose of identification by others. in good standing. QTSPs
Qualified Trust Service Provider – trust service that creates, verifies and validates electronic signatures, seals or time stamps, electronically-registered delivery services and certificates that are related to those services.
For a trust service to be considered a qualified trust service, the trust service must meet the requirements put forth in the eIDAS Regulation. are regulated to provide trusted digital certificates under the electronics Identification and Signature (eIDAS
Electronic Identification, Authentication and Trust Services – an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market.
See https://ec.europa.eu/ digital-single-market/en/discover-eidas for the rules and regulations.) regulation. A list of QTSPs supplying PSD2-compliant qualified certificates is available from Open Banking Europe.
To become QTPSP-eligible to use
- obtain authorization from a National Competent Authority to operate as a Payment Services Provider under each of the roles services you will provide (AIS
Account Information Service – supports TPP secure access to customer accounts and data, but only with the bank-verified consent of the customer., PIS
Payment Initiation Service – with the consent of the end-user, initiates a payment from a user-held account upon user authentication., and/or CBPII
Card Based Payment Instrument Issuer – a payment services provider that issues card-based payment instruments and allows its customers to pay from bank accounts.).
- obtain an eIDAS
Electronic Identification, Authentication and Trust Services – an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. See https://ec.europa.eu/ digital-single-market/en/discover-eidas for the rules and regulations.-compliant QSeal
Qualified Electronic Seal Certificate – a qualified digital certificate under the trust services defined in the eIDAS Regulation. A certificate for electronic seals makes it possible for the owner of the certificate to create electronic seals on any data. or QWAC
Qualified Web Authentication Certificate – certificate that validates your identity and role as a Payment Service Provider to your customers and other business, while encrypting and authenticating sensitive data. certificate or both.
In the meantime (presuming you don't yet have the necessary license and certificate), you can still work on SDK integration in our sandbox, a virtual testing environment in which you can interact with notional banks and money to validate your SDK integration before accessing real accounts in production. Then, when you're ready to go into production, you can provide Token with both a valid license and a certificate, both of which are electronically rechecked and verified throughout each business day, or you can choose to use Token's licence.
As previously mentioned, Token provides a virtual testing environment called the sandbox. This is where you can test your integration with notional banks and money before accessing real accounts at real banks.
Seven essential tasks comprise the initial onboarding process:
- Download and install the SDK in your IDE
- Set up the client
- Create a business member
- Add and verify an alias
- Load an existing member
- Set up a business member profile
- Manage your keys
Click a link in the list above to learn more about each step.