Third Party Provider (TPP)

Last changes: 09-26-2019

Introduction

The European Union (EU) revised Payment Services Directive (PSD2) was adopted January 2016 and extends the scope of PSD 1 (adopted in 2007) to improve consumer protection (Secure Customer Authentication) and increase competition and participation in the payments industry. In this context, Third Party Providers (TPPs) get the right to access specific information of a payment service user's account to offer payment initiation and account information services (see TPP Roles). Being or becoming a TPP opens up business opportunities for incumbents and new players alike.

PSD2 Actors

PSD2 differentiates between the following two entities providing services to a Payment Service User (PSU):

  • Third Party Provider (TPP)
  • Account Servicing Payment Service Providers (ASPSP).

An ASPS is a Payment Service Provider (PSP) which is in charge of holding payment accounts for their PSUs, here to KontoCloud E-Wallet Platform.

By encrypting communications, the two communicating entities, TPP and ASPSP, can ensure that messages sent between them are not read or stolen by external actors.

In addition, the ASPSP needs to be certain that the TPP is who they say they are. This is ensured via an eIDAS certificate.

eIDAS

eIDAS is an EU regulation based on a set of standards for electronic identification of a person or organisation within the European single market and stands for “electronic IDentification, Authentication and trust Services”. As such it allows an ASPS to validate a TPP's identity.

To gain an eIDAS certificate you will need to apply to a Qualified Trust Service Provider (QTSP) as described in Obtain Certificate. A QTSP is responsible for providing trusted digital certificates and are legally responsible to conduct a variety of checks on a TPP.

The eIDAS certificate contains among other information the TPP Roles, thus defining the scope of provided services.

TPP Roles

TPPs can be subdivided into three categories:

Each role supports a specific set of services as defined in the table below.

 CBPIIAISPPISP
Consent Management
    Find User Account
    Add Consent
    Revoke Consent
Card Based Payment Instruments 
    Check Available Payment Amount 
Account Information  
    Balance Enquiry  
    Account Enquiry  
Payment Initiation  
    KC-Authorize/KC-Debit Account  
    KC-Capture  
    KC-Cancel  
    KC-Refund