Article 34 Certificates

  1. (1)

    For the purpose of identification, as referred to in Article 30(1)(a), account servicing payment service providers shall accept both of the following electronic means of identification:

    1. (a)

      qualified certificates for electronic seals as referred to in Article 3(30) of the Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust service for electronic transactions in the internal market, as amended by the Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019 as came into force on IP completion day as defined in the European Union (Withdrawal Agreement) Act 2020, or for website authentication as referred to in Article 3(39) of the same Regulations;

    2. (b)

      at least one other form of identification issued by an independent third party that is not unduly burdensome for payment service providers to obtain; and

    account information service providers, payment initiation service providers and payment service providers issuing card-based payment instruments shall rely on one of the above means of identification.

  2. (2)

    For the purpose of these Standards, referred to in paragraph 1, the registration number as referred to in the official records in accordance with Annex III(c) or Annex IV(c) to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust service for electronic transactions in the internal market as amended by the Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019 as came into force on IP completion day as defined in the European Union (Withdrawal Agreement) Act 2020 and the registration number referred to in paragraph 8, shall be the authorisation or registration number of the payment service provider issuing card-based payment instruments, the account information service providers and payment initiation service providers, including account servicing payment service providers providing such services, available in the public register of the UK pursuant to regulation 4 of the Payment Services Regulations (SI 2017/752) or section 347 of the Financial Services and Markets Act 2000, or in the case of such payment service providers incorporated and registered or authorised in Gibraltar, their incorporation number available in the Regulated Entities Register of the Gibraltar Financial Services Commission.

  3. (3)

    For the purposes of these Standards qualified certificates for electronic seals or for website authentication referred to in paragraph 1(a) shall include, in a language customary in the sphere of international finance, additional specific attributes in relation to each of the following:

    1. (a)

      the role of the payment service provider, which may be one or more of the following:

      1. (i)

        account servicing;

      2. (ii)

        payment initiation;

      3. (iii)

        account information;

      4. (iv)

        issuing of card-based payment instruments;

    2. (b)

      the name of the competent authorities where the payment service provider is registered.

  4. (4)

    The attributes referred to in paragraph 3 shall not affect the interoperability and recognition of qualified certificates for electronic seals or website authentication.

  5. (5)

    Where a form of identification under paragraph 1(b) is used, account servicing payment service providers must:

    1. (a)

      verify that the payment service provider is authorised or registered to perform the payment services relevant to its activities in a way that does not present an obstacle to the provision of payment initiation and account information services; and

    2. (b)

      satisfy itself that the independent third party issuing that form of identification is suitable and has sufficient systems and controls to verify the information contained in the digital certificate referred to in paragraph 8.

  6. (6)

    Account servicing payment service providers must make public the forms of identification they accept.

  7. (7)

    Payment service providers relying on a form of identification under paragraph 1(b) must notify the independent third party issuing that form of identification of any changes in identity information or regulatory authorisation in writing before such changes take effect or, where this is not possible, immediately after.

  8. (8)

    A form of identification accepted under paragraph 1(b) must be a digital certificate that:

    1. (a)

      is issued upon identification and verification of the payment service provider’s name, company number (if applicable) and its principal place of business;

    2. (b)

      gives appropriate assurance to account servicing payment service providers in relation to the authenticity of the data and the identity of the payment service provider;

    3. (c)

      represents the following information:

      1. (i)

        name of the issuer of the form of identification;

      2. (ii)

        the name of the payment service provider to whom the certificate is issued; and

      3. (iii)

        the registration number and competent authority of the payment service provider to whom the certificate is issued; and

    4. (d)

      is revoked where the payment service provider ceases to be authorised or registered or it would be inconsistent with its authorisation to carry on the relevant payment services.