The D‑Trust PSD2 solution provides qualified digital certificates required for secure and legally compliant communication in the European open‑banking ecosystem. It enables banks and licensed third‑party providers to authenticate themselves at banking interfaces and to protect data exchanged via APIs. The solution is based on a regulated public key infrastructure and supports the issuance and lifecycle management of qualified website authentication certificates and qualified electronic seal certificates. It is designed to meet strict regulatory, security, and audit requirements in the financial sector.

Key Features

Qualified Website Authentication Certificates (QWAC) Authenticates organizations at banking interfaces.

• Cryptographic identification of banks and third‑party providers
• Encrypted communication at the transport layer

Qualified Electronic Seal Certificates (QSiegel) Ensures integrity and origin of transmitted data.

• Application‑level data protection
• Verifiable assignment of API requests

eIDAS‑Conform Trust Infrastructure Operates within European trust regulations.

• Issued by a qualified trust service provider
• Recognized across the European Union

Certificate Lifecycle Management Controls certificates throughout their validity.

• Issuance, renewal, and revocation processes
• Defined verification and approval workflows

Regulatory Role Information Includes authorization attributes in certificates.

• Embedding of regulatory roles
• Identification of licensed payment services

Benefits

PSD2 Compliance Supports mandatory regulatory requirements.

• Enables lawful access to banking APIs
• Supports open‑banking obligations

Secure Open Banking Communication Protects sensitive financial data.

• Encrypted and authenticated connections
• Reduced risk of manipulation or impersonation

Clear Trust Relationships Establishes verifiable identities.

• Transparent authentication of participants
• Reliable trust between banks and providers

Operational Reliability Supports stable financial infrastructures.

• Suitable for continuous productive operation
• Predictable and standardized security mechanisms

Audit and Governance Support Facilitates regulatory oversight.

• Traceable certificate usage
• Supports compliance documentation