PSD2: Payment Services Directive 2. This is an EU directive whose purpose is to regulate payment services and payment service providers (PSPs) throughout the EU and EEA member states. Two of its key aims are to increase competition through open banking and to reduce payment fraud. It replaces PSD1 which delivered standardisation of payments.
PSP: Payment Services Provider. A PSP is an organisation that can hold one or more of the payment services. See the list of payment services.
NCA: National Competent Authority. An NCA is a country's regulator who maintains a register of all the financial institutions operating in the country alongside a list specifying what each institution is allowed to do. This register includes PSPs and the payment services they have been authorised to perform.
Register Category: NCAs split their register into categories to reflect the difference between how certain PSPs are regulated. See the list of the PSP categories.
PSP URN: Unique Registration Number. This is the id number that an NCA has assigned to uniquely identify a PSP on their register.
Payment Services: These are a list of activities that PSPs can carry out in an EEA (European Economic Area) country if the NCA of that country has authoirsed them to do so. See the list of payment services.
FI: Financial Institution. This represents any organisation who holds customer financial accounts.
Aggregator: A service provider that links to Konsentus and represents one or many Financial Institutions.
Transaction Jurisdiction: The country in which a transaction (such as a payment or request for account access) is taking place. See the list of transaction jurisdictions.
EBA: The European Banking Authority. This is an EU regulatory agency that ensures that financial institutions can compete fairly across the EU through the implementation of pan European standards. These standards ensure that no one member state can gain an advantage in the financial market through implementing loose regulations on its financial institutions. While it leaves much of the day to day regulation of financial institutions to the NCAs the EBA does hold the power to overrule any NCA if it fails to properly regulate its financial institutions. It has also compiled a central register of all the PSPs and the payment services they are allowed to perform.
ECB: The European Central Bank. Not to be confused with the EBA, the ECB's purpose is to maintain price stability and not to regulate financial institutions.
EEA Country Codes: The EEA have defined two letter country codes to represent the countries within the EEA and a selection of countries it does business with. Konsentus therefore come across these codes a lot through means such as the authorisation number in an eIDAS certificate. Use this link to find the official list of country codes:
PSP URN: Unique Registration Number (has also been referred to as TPP Reference Id). This is the id number that an NCA will use to identify a PSP on their register.
Home NCA: The NCA of the country where a PSP is headquartered.
Host NCA: An NCA of a country that is not the PSPs Home country but that the PSP is operating in (using passporting).
Passport Out Countries: An NCA register will list all the countries a PSP is allowed to operate in if the PSP has its headquarters in that NCAs country. These are the passport out countries.
Passport In Country: If a PSP has passported into a country, the host NCA register could hold a record of the home country of that PSP. This is known as the PSP's passport in country.
eIDAS: electronic identification authentication and trust services. This is an EU regulation on electronic identification for electronic transactions within the single market. Konsentus is primarily concerned with the eIDAS certificates that are used by PSPs to identify each other when they are performing electronic transactions.
QWAC: A Qualified Web Authentication Certificate. This is a type of eIDAS certificate that is used by PSPs to establish an MTSL (Mutually authenticated Transport Layer Security) session with another Financial Institution. This replaces the usual web authentication certificate used to establish a TLS session.
QSealC: Qualified Electronic Seal Certificate. This is another type of eIDAS certificate. The purpose of this certificate is to validate the identity of the sender of an electronic message and to ensure that the contents of the message have not been tampered with.
Serial Number: A unique identifier for a certificate.
QTSP: Qualified Trust Service Provider. An organisation that the EU has authorised to generate and grant eIDAS certificates to PSPs. A QTSP will digitally sign the certificates it issues to ensure that everyone will know if the contents of a certificate have been changed. This institution has the authority to revoke the certificates it has issued and maintains a list of all the certificates it has revoked. This list is known as a CRL.
CRL: Certificate Revocation List. All QTSPs maintain a CRL that records the serial numbers of all the certificates it has revoked.
OCSP: Online Certificate Status Protocol. An API provided by a QTSP that takes a certificates serial number as input and returns the status of the certificate, active or revoked.
ETSI: European Telecommunications Standards Institute. ETSI sets the standards for eIDAS certificates and what they should contain.