Onboarding

Note: PSD2ClosedPSD2 stands for Payment Services Directive 2 and is a new EU regulation in effect since September 14, 2019. It governs electronic and other non-cash payments. The main provision of PSD2 is for Strong Customer Authentication (SCA), a process that seeks to make online payments more secure and reduce fraud while increasing authorisation rates. The European Banking Authority (EBA) recently extended the deadline for PSD2 compliance until December 31, 2020. licensing requirements dictate that a TPP using a bank's APIs must be and remain a QTPSPClosedQualified Third-Party Service Provider – a TPP authorized in their home country by the financial supervisory competent authority to provide services listed in the PSD2 directive. Qualified Certificates supporting PSD2 include information about the authorization number of the TPP, its home country’s supervisory competent authority and its roles. This information is verified by a Qualified Trust Service Provider (QTSP) when the TPP requests the certificate; after which, this information is included in the certificate for the purpose of identification by others. in good standing. QTSPsClosedQualified Trust Service Provider – trust service that creates, verifies and validates electronic signatures, seals or time stamps, electronically-registered delivery services and certificates that are related to those services. For a trust service to be considered a qualified trust service, the trust service must meet the requirements put forth in the eIDAS Regulation. are regulated to provide trusted digital certificates under the electronics Identification and Signature (eIDASClosedElectronic Identification, Authentication and Trust Services – an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. See https://ec.europa.eu/ digital-single-market/en/discover-eidas for the rules and regulations.) regulation. A list of QTSPs supplying PSD2-compliant qualified certificates is available from Open Banking Europe.

To become QTPSP-eligible to use a bank's APIs, you must:

  1. obtain authorization from a National Competent Authority to operate as a Payment Services Provider under each of the roles services you will provide (AISClosedAccount Information Service – supports TPP secure access to customer accounts and data, but only with the bank-verified consent of the customer., PISClosedPayment Initiation Service – with the consent of the end-user, initiates a payment from a user-held account upon user authentication., and/or CBPIIClosedCard Based Payment Instrument Issuer – a payment services provider that issues card-based payment instruments and allows its customers to pay from bank accounts.).
  2. obtain an eIDASClosedElectronic Identification, Authentication and Trust Services – an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. See https://ec.europa.eu/ digital-single-market/en/discover-eidas for the rules and regulations.-compliant QSealClosedQualified Electronic Seal Certificate – a qualified digital certificate under the trust services defined in the eIDAS Regulation. A certificate for electronic seals makes it possible for the owner of the certificate to create electronic seals on any data. or QWACClosedQualified Web Authentication Certificate – certificate that validates your identity and role as a Payment Service Provider to your customers and other business, while encrypting and authenticating sensitive data. certificate or both.

In the meantime (presuming you don't yet have the necessary license and certificate), you can still work on SDK integration in our sandbox, a virtual testing environment in which you can interact with notional banks and money to validate your SDK integration before accessing real accounts in production. Then, when you're ready to go into production, you can provide Token with both a valid license and a certificate, both of which are electronically rechecked and verified throughout each business day, or you can choose to use Token's licence.

As previously mentioned, Token provides a virtual testing environment called the sandbox. This is where you can test your integration with notional banks and money before accessing real accounts at real banks.

Seven essential tasks comprise the initial onboarding process:

  1. Download and install the SDK in your IDE
  2. Set up the client
  3. Create a business member
  4. Add and verify an alias
  5. Load an existing member
  6. Set up a business member profile
  7. Manage your keys

Click a link in the list above to learn more about each step.