PSP Checking Service
Konsentus facilitates checking the regulatory status and eIDAS Certificates of Payment Service Providers (PSPs), along with the issuing of access tokens to enable PSPs to initiate payments and access PSU account information.
Under PSD2, ASPSPs can only share data with regulated third-parties. Therefore every time a PSP makes a request to access an ASPSP's API they must check the identity and regulatory status of the PSP.
It is estimated that there are in excess of 100 databases that need to be referenced to check the regulatory status of a PSP, which comprise of:
- 31 EEA National Competent Authority (NCA) Databases
- 73+ Qualified Trust Service Providers
- 1 EBA Central Register
Konsentus provides a single consolidated source of data on all regulated organisations (known as the Konsentus Regulatory Database) and makes this data available to ASPSPs through a simple RESTful API.
Consent and Preference Management Tokenization
Konsentus provides secure Consent and Preference management access tokenization services to ASPSPs using open standards (OAuth 2.0, OpenID Connect, ODI FAPI etc.). Konsentus issues the access tokens for Client Credential Grants and Authorisation Code Grants on behalf of the ASPSP, which passes them to the PSPs to present each time they access the ASPSP PSD2 API.
Konsentus checks the access tokens that are presented to the ASPSP’s PSD2 API to ensure that the PSP has the appropriate payment service user consent and is a regulated PSP, at the time of the transaction. Konsentus also checks the identity and regulatory status of the PSP, using the Konsentus Regulatory Database.