Jan 27, 2023

PSD2 Qualified Electronic Seal Certificate (QSealC) Onboarding Guide

Introduction

This guide outlines the ordering steps and vetting requirements for Qualified Certificates for Electronic Seals for PSD2.

Ordering Guidelines

1. Log in to GCC, click on the “Document, Code & Email Signing” Tab. Under the Qualified Certificates Icon and drop down, select Qualified Certificate for Electronic Seal PSD2.

   
   

2. Review the product details and click Next.

   Note: For HSM deployments, please check the box for “I have an externally generated CSR”. You will be prompted to provide the CSR during the installation process. Otherwise by default, the Certificate will be installed in the Microsoft Certificate Store.
   

3. Complete the Certificate Identity Details Page.

   •    Important: Provide the required NCA and Payment Service Provider (PSP) details obtained from the National Competent Authority (NCA). 
        Please see the examples below.
   •    Enter a subscriber email address for Certificate pickup and install purposes. Note: This email will not be included in the Certificate.

   

   Note: For reference only, please see the list of established NCAs below found in the dropdown on the ordering page.
   
   Initial List of NCA Identifiers provided by the European Banking Authority:

   

4. Confirm the Certificate order details and submit Payment.
   Note: You will be charged for the Certificate once Vetting is complete and the Certificate is ready to be issued.

Vetting Guidelines

Authorized Representative Validation

As part of the vetting process, we are required to perform a face-to-face verification of your Authorized Representative. This is usually carried out by a Third Party in accordance with national law. For this step, we will require the following:
Signed Personal Statement	Photo ID	Copy of Secondary Documentation	Notarization of your Application
A personal statement signed by the Authorized Representative. Will include certain attestations, including that the information contained in the Application and the Certificate Request is true and correct, and acceptance of our terms and conditions. We will send the form to your Authorized Representative to sign.	The Authorized Representative will need to bring a Government Issued Photo ID to the Third Party who performs the face-to-face validation. We provide a list with the acceptable documents.	We do not require a copy of your Authorized Representative’s Government Issued Photo ID for our files. Instead, we require copies of two Secondary documentations. We provide a list with the acceptable documents.	The Third Party will notarize your application. We will provide more information about who can carry out this notarization in your jurisdiction. We will send you the form the Third Party must use for this notarization.

Organization Validation

Don't worry, we will take care of this part of the validation. We will validate the information provided in the Certificate Request. We confirm most of these elements in our independent sources. We may reach out if more information is required.
Organization's Identity	Organization's Address	The Authority to represent the Organization	Organization's Authorization to Issue
This includes the Organization Full Legal name and the Organization Identifier. It also includes the Organization’s ability to do business, which is implied if the Organization has been in existence over three years.	We verify the physical address of your Organization. This is the address where the business operates, and can’t be a post box or a “care of” address.	We verify that the Authorized Representative has the authority to represent the Organization.	We check with the Authorized Representative that they approve the issuance of the Certificate.

PSD2 Attribute Validation

This section is relevant for PSD2 Certificates. This is a special type of Certificate, required by the Payment Services Directive, for Payment Service Providers who provide online services within the European Union. We will take care of this part of the validation, but may need some additional information.
NCA Information	Payment Provider Type	Payment Provider Number
A national competent authority in Europe with the designated authority to register and authorize Payment Service Providers.	There are only a limited number of types of Payment Service Providers: • Payment Initiation Services (PIS) for initiating credit transfers online. • Account Information Services (AIS) for providing consolidated account information online. • Card Based Payment Instruments Issuing (CBPII) for issuing instruments/acquiring transactions online.	A registration or authorization number that has been assigned to the Payment Service Provider by the National Competent Authority where the Payment Service Provider is registered or authorized.