PSD2 Seals - QSealC & Advanced Certificates

PSD2-compliant qualified and advanced seals for Enterprises, Businesses, and Organizations

A new regulatory standard in the EU mandates additional security measures for banks and Payment Service Providers, including the use of special Qualified digital certificates. Sectigo’s PSD2 and PSD2 QSCD seals provide secure authentication, data integrity, and fraud protection for financial transactions while maintaining compliance with both PSD2 and eIDAS regulations

700K

businesses on the

Sectigo platform

Sectigo Seal For PSD2

Delivered Digitally

$1,264

/ year

Up to 16% off with multi-year.

Sectigo Seal For PSD2 QSCD

Delivered on Qualified Physical Token

$1,324

/ year

Up to 16% off with multi-year.

4.8

Trusted leader in comprehensive CLM solutions

What types of certificates do I need for PSD2 compliance?

PSD2 specifies two types of digital certificates that can be used for secure communications between financial institutions and Payment Service Providers:

Qualified Website Authentication Certificate (QWAC): used with SSL/TLS protocol as defined in IETF RFC 5246 or IETF RFC 8446 to protect data in peer-to-peer communications and to identify who controls the end points.

Qualified Certificate for Electronic Seals: used to create qualified electronic seal certificates (e-seals) that protect digital data and documents. Following ETSI standards such as PAdES, CAdES, and XAdES, QSealCs assert their origin from a legal entity.

Why do I need Qualified certificates for PSD2?

Under PSD2 (the European Union’s Revised Payment Service Directive) digital certificates are used to identify financial institutions including banks, and PSPs verify the roles for which they are licensed, encrypt communications, and, in some cases, provide tamperproof seals on data or transactions.

Due to the sensitivity of financial services transactions, the PSD2 Regulatory Technical Standards (RTS) specify that only eIDAS certificates issued by a Qualified Trust Service Provider (QTSP) may be used for the identification of PSPs.

Validation and Issuance - IMPORTANT

Getting Your PSD2 Qualified Certificate

Once a certificate is ordered, you will be guided through the necessary validation checks so your certificate can be issued in a timely manner. Understanding these requirements in advance helps prevent delays and streamlines the process.

Submitting Your CSR

Typically the CSR, where required, is submitted with the order. A CSR is only needed for QWACs or certificates that will be installed by you on an HSM or other device.

Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to complete the agreement. Afterward, the Complete Your eIDAS Request page will be displayed, allowing you to monitor your order's progress and view the remaining steps required for Sectigo to issue your PSD2 certificate.

Face to Face Verification

The individual making the order must provide proof of their identity.

Face to face verification is used to verify your identity. This requires completion of the face-to-face form that will be provided to you by Sectigo, along with instructions for completing the form. The completed form must be notarized and accompanied by:

A notarized copy of government-issued photo ID.
Status of Author to verify the licensing status of the notary.

Email Verification

The email address used for the order must be verified. You will receive an email verification request with instructions to confirm your email address.

Signer Verification

For orders made on behalf of an organization, proof that the signer of the agreement is an authorized representative of the organization is required.

As part of the verification, Sectigo will verify the phone number provided with the order. You will receive an email with instructions, and the process will involve a callback to the phone number that was verified as part of the organization identity.

The callback verifies the following:

The phone number is that of the organization.
The authenticity of the order and that it was placed by the organization.
The signature on the agreement is confirmed by the signer.
The authority of the signer to enter into an agreement.

Organization Validation

For orders involving legal persons, Sectigo will verify the physical, legal, and operational existence of the organization.

As part of the verification, Sectigo verifies the organization details provided with the order, including:

The legal identity and existence of the organization
The physical existence of the organization
The operational existence of the organization

You may be required to provide additional documentation and receive callbacks.

Second Approval

For PSD2-compliant certificates, additional evidence that the organization is registered with and approved by the relevant NCA (National Competent Authority) is also required.