Third Party Provider (TPP)
Last changes: 09-26-2019
The European Union (EU) revised Payment Services Directive (PSD2) was adopted January 2016 and extends the scope of PSD 1 (adopted in 2007) to improve consumer protection (Secure Customer Authentication) and increase competition and participation in the payments industry. In this context, Third Party Providers (TPPs) get the right to access specific information of a payment service user's account to offer payment initiation and account information services (see TPP Roles). Being or becoming a TPP opens up business opportunities for incumbents and new players alike.
PSD2 differentiates between the following two entities providing services to a Payment Service User (PSU):
- Third Party Provider (TPP)
- Account Servicing Payment Service Providers (ASPSP).
An ASPS is a Payment Service Provider (PSP) which is in charge of holding payment accounts for their PSUs, here to KontoCloud E-Wallet Platform.
By encrypting communications, the two communicating entities, TPP and ASPSP, can ensure that messages sent between them are not read or stolen by external actors.
In addition, the ASPSP needs to be certain that the TPP is who they say they are. This is ensured via an eIDAS certificate.
eIDAS is an EU regulation based on a set of standards for electronic identification of a person or organisation within the European single market and stands for “electronic IDentification, Authentication and trust Services”. As such it allows an ASPS to validate a TPP's identity.
To gain an eIDAS certificate you will need to apply to a Qualified Trust Service Provider (QTSP) as described in Obtain Certificate. A QTSP is responsible for providing trusted digital certificates and are legally responsible to conduct a variety of checks on a TPP.
The eIDAS certificate contains among other information the TPP Roles, thus defining the scope of provided services.
TPPs can be subdivided into three categories:
- Card Based Payment Instrument Issuers (CBPII)
- Account Information Service Providers (AISP)
- Payment Initiation Service Providers (PISP)
Each role supports a specific set of services as defined in the table below.
|Find User Account||✔||✔||✔|
|Card Based Payment Instruments||✔||✔|
|Check Available Payment Amount||✔||✔|