Secure Electronic Payment Services and Open Banking

Account Information Service & Payment Initiation Service Providers

Regulations and directives such as the European Payment Services Directive (PSD2) motivate banks to open up their infrastructures to third-party service providers (such as payment or account information services). This requires authentication of the service provider and non-repudiable consent by the account holder.

This reform has resulted in a boom of new services and solutions, with benefits for the end-customers, banks and service providers alike. However, these open bank APIs expose data and functionality inside of their core systems. This creates new vulnerabilities for fraud and manipulation, requiring enforced security and uncompromisable IT for banks to remain compliant.

Two core types of service providers are:

  • Account Information Service Providers (AISPs) collect and store information from a customer’s various bank accounts in a single place, allowing the customer to view their financial position in its entirety.
  • Payment Initiation Service Providers (PISPs) initiate transactions using Open APIs and create an interface to bridge from the consumer’s account to the merchant’s account (or vice versa), providing the information required to complete the transfer.

Utimaco’s banking-proven and certified payment service infrastructure offers easy-to-implement solutions with the flexibility for dynamic and continuous orchestration of new services and innovation of user experience.

Business value


Dynamic Scalability

  • Integrates banking platforms, cloud and service environments, mobile solutions
  • Fully scalable from low to high performance applications
  • Integratable in any existing architecture, including ERP, CRM, CIM
  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based
  • Virtually unlimited scalability

Common Criteria Certified & eIDAS Compliant

  • Supports Trust Service Providers (TSPs), banks, and large organizations in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).
  • Ideally suited for eIDAS-compliant qualified signature creation and remote signing, meeting the requirements of a Qualified Signature Creation device.
  • Application areas include qualified certificates, including PSD2-certificates ETSI TS 119 495, OCSP (Online Certificate Status Protocol) and time stamping.
  • Common Criteria (CC) certified based on the eIDAS Protection Profile (PP) EN 419 241-2 & available as a PCIe plug-in card or as a network-attached appliance

Maximum Security & Compliance

  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based.
  • Secures key storage and processing inside the secure boundary of the HSM
  • Extensive key management with key authorization
  • Regulatory and industry compliant for strong user authentication, including PCI-DSS, NIST, GDPR and PSD2 (ETSI TS 119 495)

Remote Access

  • Extensive mechanisms for remote administration
  • Efficient key management and firmware updates via remote access
  • Automation of remote diagnosis via SNMP (Simple Network Management Protocol)

Software Simulator included

The included simulator allows for evaluation and integration testing to benchmark the best possible solution for each specific case.
