PSD2 Qualified Website Authentication Certificate
PSD2-compliant Qualified Website Authentication Certificates (QWAC) for Enterprises, Businesses, and Organizations
A PSD2 QWAC ensures secure communication and compliance with the Payment Services Directive (PSD2) across the European Union. These digital certificates encrypt sensitive financial data and authenticate banking entities and third-party Payment Service Providers (PSPs), enabling secure and trusted transactions.
Company Facts
businesses on the
Sectigo platform
market leader
in SSL certificates
certificates issued worldwide
of Fortune 1000
companies use Sectigo
Sectigo QWAC Legal For PSD2
Delivered digitally.
Up to 16% off with multi-year.
Sectigo QWAC Legal For PSD2 Multi-Domain License
Delivered digitally.
Up to 16% off with multi-year.
Trusted leader in comprehensive CLM solutions
PSD2 Compliance with QWACs
- Where is it used? Identifies end points, protects data during communication
- What are the security
features?
Confidentiality, authentication, and
integrity
- Is data protected when passed through an intermediary? Protects in direct peer-to-peer communications
- What else is needed for compliance? Qualified Certificate for Electronic Seals (QSealC) are another type of digital certificate needed for secure communications
PSD2 QWAC Certificates
The Payment Services Directive / PSD2 is a regulatory framework that ensures secure payments across the European Union. PSD2-compliant QWACs are SSL/TLS certificates that encrypt sensitive data and authenticate banking entities and third-party PSPs for trusted commerce transactions on websites.
Sectigo is an accredited Qualified Trust Service Provider (QTSP) and issues eIDAS certificates, including QWACs. Once these types of certificates are ordered, Sectigo validates the identity that is named in the certificate through a series of checks that conform to the PSD2 Regulatory Technical Standards (RTS) and the policies of the eIDAS regulation. These digital certificates require a PSD2 authorization number be provided by a National Competent Authority (NCA) before the issuer can move forward.
The certificate is then created, and paired with a private key that is installed on a server (QWAC), HSM or other SCD. This prevents the key from being duplicated, stolen, or otherwise used maliciously. In the case of certificates provided by Sectigo on a SCD or QSCD, the keys are created and installed on the device by Sectigo.
Getting Your PSD2 Certificate
After placing your order, you will be guided through the required validation checks before your certificate can be issued. Understanding these requirements in advance helps streamline the process and avoid delays.
When required, the Certificate Signing Request (CSR) is submitted at the time of order. A CSR is only necessary for QWACs or certificates that will be installed on an HSM or another secure device.
Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to agree to the agreement. After this the Complete Your eIDAS Request page is displayed, where you can monitor the progress of your order. The page shows all the steps that need to be completed for Sectigo to be able to issue your certificate.
Since the individual making the order must provide proof of their identity, face-to-face verification is used as verification.
This requires completion of the face-to-face form that will be provided to you by Sectigo, along with instructions for completing the form. The completed form must be notarized and accompanied by:
- A notarized copy of government-issued photo ID.
- Status of Author to verify the licensing status of the notary.
The email address provided with the order must be verified. You will receive a verification email with instructions to complete the process.
When ordering on behalf of an organization, proof is required to confirm that the signer is an authorized representative.
As part of the verification, Sectigo verifies the phone number provided with the order. You will receive an email with instructions, and the process will involve a callback to the phone number that was verified as part of the organization identity.
The callback verifies the following:
- The phone number is that of the organization.
- The authenticity of the order and that it was placed by the organization.
- The signature on the agreement is confirmed by the signer.
- The authority of the signer to enter into an agreement.
For orders involving legal persons, Sectigo will verify the physical, legal, and operational existence of the organization.
During the verification process, Sectigo reviews the organization details submitted with the order, including:
- the legal identity and existence of the organization
- the physical existence of the organization
- the operational existence of the organization
You may be required to provide additional documentation and receive callbacks.
PSD2-compliant certificates require additional evidence confirming the organization's registration and approval by the relevant NCA (National Competent Authority).
PSD2 Requirements
Generate your signing Key Pair and CSR on the server where you will be installing the certificate before ordering. Consult your server documentation.
These orders require that you provide a PSD2 authorization number as issued by your NCA.
Before you order
Sectigo PSD2 QWAC Certificates for legal persons are SSL/TLS certificates that are issued to organizations.
Organizations that are registered with and approved by their NCA, such as banking entities and third-party payment providers, can additionally obtain a PSD2-compliant QWAC.
QWACs (with or without PSD2) can additionally be ordered for multiple domains.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
