One of the use-cases for QC statements is issuing certificates to be used by payment service providers in order to meet the requirements of the PSD2 Regulatory Technical Standards, as specified in ETSI TS 119 495. In particular, the following information must be included in such certificates:
The PSD2 QC statement can either be fully configured in the certificate procedure, or in the certificate request from the Registration Authority (RA).
If fully specified in both (which may be an incorrect way of issuing such certificates), with different information in each, then similar to how other QC statements are handled, the resulting certificate will have two such QC statements. This may not be desired, so ensure that it is clear whether this statement should be fully configured in the certificate procedure or in the certificate request from the RA.
However, for PSD2 QC statements, a common use-case is that the NCA name and identifier should likely be identical for all certificates issued per certificate procedure, while the list of PSP roles may be different per issued certificate. For this particular case, another option is available in addition to fully specifying it in either the certificate procedure or in the certificate request.
To configure a combination of the NCA details and the PSP roles, do the following:
Add a PSD2 QC statement in the certificate procedure, but specify only the NCA details, and not the PSP roles.
Add a PSD2 QC statement in the certificate request from Registration Authority, but specify only the PSP roles, and not the NCA details.
The resulting certificate will then contain only one PSD2 QC statement, with the combined information of the NCA and the PSP roles. This combination is done by examining whether the NCA details are identical or empty in each place.
The Authorization Number, which is required in these certificates, must be part of the Organization Identifier in the Subject Distinguished Name, as supplied in the certificate request from the RA. The Organization Identifier must also be formatted as specified by ETSI TS 119 495 chapter 5.2.1 , and its parts of the NCA identifier must match the corresponding parts of the PSD2 QC statement in the issued certificate.