tppWise – eIDAS & TPP Validation

PSD2 Compliance

“Article 34 of PSD2 RTS -For the purpose of identification, payment service providers shall rely on qualified certificates for electronic seals or for website authentication”

“Article 5 of PSD2 Directive (EU) 2015/2366 requires all TPPs to be regulated & authorised by National Component Authorities (NCA)”

PSD2 mandate TPPs must register with home NCA and acquire authorisation for the desired regulated roles and obtain eIDAS certificates from Qualified Trust Service Provider (QTSP). ASPSP (bank) must check the TPP's eIDAS cert & NCA authorisation before granting them access for Account or Payment resources. This model put a lot of technical complexity on ASPSP on eIDAS validation with relevant QTSP & also there are 31 NCAs with no standard interface

tppWise - Solution

Our eIDAS validation is developed as an extension to European Digital Signature Services. The extension covers PSD2 specific standards. Our Primary server sync up with all European member states Trust List of Trust Service providers. It includes checking certificate validity, its expiry, QTSP validity and revocation list. Check our eIDAS Diagnostic Tool for validating PSD2 eIDAS certificates.

Our TPP validation service is based on PRETA's Open Banking Europe - the PAN-European directory service trusted by biggest credit institutions across Europe. PRETA's effort is unparalleled in this market - seamless connection to all 31 member state National Competent Authorities. Our Primary server is fully certified by PRETA and meets all SLA requirements.

tppWise solution also offer Replica Servers which can be deployed locally (co-located) on-premise for low latency. Replica Server sync up with our primary server on the cloud.

Explore our developer portal for eIDAS and TPP authorisation validation

Try our eIDAS Parser & Diagnostic Report Tool

How OBE integration works?

PRETA’s Open Banking Europe Directory provides a single & compliant source of standardised information about active Regulated Entities that can perform Access to Account (XS2A) services in Europe.

Banfico is official Directory Distributor for Open Banking Europe & we provide TPP Directory Service through our high available SaaS service - tppWise

ASPSP registers on our tppWise developer portal and create an app to validate eIDAS certificates and to consume Regulated Data APIs. tppWise server syncs up with all QTSP LOTL certificates and also regulated entity cache is synchronised with OBE Directory.

ASPSP make a callout to our tppWise to validate eIDAS/TPP authorisations and enforce access controls.

Features

  • eIDAS & TPP validation – a simple API to validate both eIDAS and TPP authorisation
  • eIDAS Diagnostic API – help to validate and parse eIDAS certificate
  • Regulatory Data API – Check validation of TPP using an easy to use Data API
  • Real-Time Updates - Critical Regulatory Data changes are updated in our cache
  • Versioning & Audit Log - Easily compare, monitor, and track the historical Regulated Entity, ASPSP, and TPP Data changes
  • TPP Operational Data - Access the Directory’s TPP Data if you are an ASPSP user, for the latest support contacts
  • Availability – Highly scalable & resilient implementation on the cloud
  • Cost-effective

Whitepaper

Please download a whitepaper to learn more about our TPP Directory Service provided us.

GET WHITEPAPER