Qualified Certificates for Website Authentication and Electronic Seals
The PSD2 Regulatory Technical Standards (RTS) list specific security measures that financial institutions and payment service providers (PSPs) must comply with under the law. All transactions must take place over secured channels and must ensure the authenticity and integrity of the data.
Qualified certificates for website authentication (QWAC) and qualified certificates for electronic seals (QSealC) are specifically prescribed by the RTS for authentication purposes, especially because they meet the data integrity and encryption requirements. This ensures that:
- PSPs can identify themselves to financial institutions: both QWAC and QSealC authenticate the parties using the certificates
- Communications between all parties are securely encrypted, which ensures confidentiality and integrity: QWAC uses SSL/TLS to encrypt sessions and protect data in transit
- All data actually came from the PSP identified in the certificate: QSealC identifies where the data came from and protects it from tampering