One solution to check all TPP certificates offline
To meet PSD2 security requirements, banks and TPP account information service providers make use of qualified website authentication certificates (QWAC) and electronic seals (QSealC) which authorise them to access sensitive customer data legitimately.
Given that different entities confirm their identity and authorisation and that a certificates’ validity has to be updated daily in a bank’s systems, there is a high risk that while a bank has correctly identified a TPP, the authorisation for certain services is no longer up to date.
Therefore, there has to be a two-part check process for every inquiry. This avoids any risk of unauthorised access and the related disclosure of confidential information as well as unauthorised payments being made.
So, how can you check a TPP certificate and ensure that its identity matches the request made by the TPP?
Our QWAC Assessor can run this test for you – quickly and offline.
Run either as a stand-alone web service or as part of an API gateway, QWAC Assessor confirms the identity and function (AIS, PIS, PIIS) of the TPP and validates the request while encrypting and checking confidential data.
We monitor the data that is imported into QWAC Assessor several times a day, and it’s only once the data is confirmed that the TPP receives the X2SA access they requested.
- Offline TPP checks without any timeouts
- Identity and authentication checks for PISP, AISP or PIISP
- Available as a stand-alone service or an integrated solution into a API gateway