A dedicated mobile app to capture Strong Customer Authentication for PSD2

REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market.

Restricts the use of electronic signatures to natural persons (to express consent). Legal persons (companies) can only apply electronic seals (to ensure the integrity and origin of data).
Outlines the conditions to enable an electronic signature to be legally equivalent to a handwritten signature.
Involves a cryptographic electronic signature, created using a ‘certified’ device, linked to a certificate issued by a ‘qualified’ trust provider.
The device (e.g. smartcard, smartphone) hardware and operating system are ‘certified’, not the application (mobile app).
To date, all devices that have been ‘certified’ are smartcards.
EU Commission: Trust Services and eID
eIDAS Observatory
(EU) No 910/2014 eIDAS Regulation
(EU) 2015/1506 Specification of Advanced Electronic Signatures
CEF Digital
XAdES Baseline Profile
Associated Signature Container (ASiC)
List of Commitment Types
ETSI Signature Conformance Checker
EU DSS signature validation tool
Alternative signature validation tool
The regulation focusses on:
Confidence in the identity of the signatory (the user’s first certificate requires, for example, the signatory’s handwritten signature to be witnessed by a bank official).
Confidence that only the signatory has the ability to create the signature.
The ability to prove that the data that was signed has not been altered.