Third Party Provider (TPP)
Introduction
The European Union (EU) revised Payment Services Directive (PSD2) came into effect in January 2018 and extends the scope of PSD1 (adopted in 2007) to improve consumer protection (Secure Customer Authentication), increase competition and participation in the payments industry. In this context, Third Party Providers (TPPs) get the right to access specific information of a payment service user's account to offer payment initiation and account information services (see TPP Roles). Being or becoming a TPP opens up business opportunities for incumbents and new players alike.
PSD2 Actors
PSD2 differentiates between the following two entities providing services to a Payment Service User (PSU):
- Third Party Provider (TPP)
- Account Servicing Payment Service Providers (ASPSP).
An ASPS is a Payment Service Provider (PSP) which is in charge of holding payment accounts for their PSUs, here to KontoCloud E-Wallet Platform.
By encrypting communications, the two communicating entities, TPP and ASPSP, can ensure that messages sent between them are not read or stolen by external actors.
In addition, the ASPSP needs to be certain that the TPP is who they say they are. This is ensured via an eIDAS certificate.
eIDAS
eIDAS is an EU regulation based on a set of standards for electronic identification of a person or organisation within the European single market and stands for "electronic IDentification, Authentication and trust Services". As such it allows an ASPS to validate a TPP's identity.
To gain an eIDAS certificate you will need to apply to a Qualified Trust Service Provider (QTSP) as described in Obtain Certificate. A QTSP is responsible for providing trusted digital certificates and are legally responsible to conduct a variety of checks on a TPP.
The eIDAS certificate contains among other information the TPP Roles, thus defining the scope of provided services.
TPP Roles
TPPs can be subdivided into three categories:
- Card Based Payment Instrument Issuers (CBPII)
- Account Information Service Providers (AISP)
- Payment Initiation Service Providers (PISP)
Each role supports a specific set of services as defined in the table below.
| CBPII | AISP | PISP | |
|---|---|---|---|
| Card Based Payment Instruments | ✔ | ✔ | |
| Check Available Payment Amount | ✔ | ✔ | |
| Account Information | ✔ | ||
| Balance Enquiry | ✔ | ||
| Account Enquiry | ✔ | ||
| Payment Initiation | ✔ | ||
| KC-Authorize/KC-Debit Account | ✔ | ||
| KC-Capture | ✔ | ||
| KC-Cancel | ✔ | ||
| KC-Refund | ✔ |