Secure Electronic Payment Services and Open Banking

Account Information Service & Payment Initiation Service Providers

Regulations and directives such as the European Payment Services Directive (PSD2) motivate banks to open up their infrastructures to third-party service providers (such as payment or account information services). This requires authentication of the service provider and non-repudiable consent by the account holder.

This reform has resulted in a boom of new services and solutions, with benefits for the end-customers, banks and service providers alike. However, these open bank APIs expose data and functionality inside of their core systems. This creates new vulnerabilities for fraud and manipulation, requiring enforced security and uncompromisable IT for banks to remain compliant.

The two core types of service providers are:

❏ Account Information Service Providers (AISP) collect and store information from a customer’s various bank accounts in a single place, allowing the customer to view their financial position in its entirety.

❏ Payment Initiation Service Providers (PISP) initiate transactions using Open APIs and create an interface that bridges the consumer’s account and the merchant’s account (or vice versa), providing the information required to complete the transfer.

Utimaco’s banking-proven and certified payment service infrastructure offers easy-to-implement solutions with the flexibility for dynamic and continuous orchestration of new services and innovation of user experience.

Business value

Dynamic Scalability

  • Integrates banking platforms, cloud and service environments, mobile solutions
  • Fully scalable from low to high performance applications
  • Integratable in any existing architecture, including ERP, CRM, CIM
  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based
  • Virtually unlimited scalability

Common Criteria Certified & eIDAS Compliant

  • Supports Trust Service Providers (TSPs), banks, and large organizations in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).
  • Ideally suited for eIDAS-compliant qualified signature creation and remote signing, meeting the requirements of a Qualified Signature Creation device.
  • Application areas include qualified certificates, including PSD2-certificates ETSI TS 119 495, OCSP (Online Certificate Status Protocol) and time stamping.
  • Common Criteria (CC) certified based on the eIDAS Protection Profile (PP) EN 419 241-2 & available as a PCIe plug-in card or as a network-attached appliance

Maximum Security & Compliance

  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based.
  • Secures key storage and processing inside the secure boundary of the HSM
  • Extensive key management with key authorization
  • Regulatory and industry compliant for strong user authentication, including PCI-DSS, NIST, GDPR and PSD2 (ETSI TS 119 495)

Remote Access

  • Extensive mechanisms for remote administration
  • Efficient key management and firmware updates via remote access
  • Automation of remote diagnosis via SNMP (Simple Network Management Protocol)

Software Simulator included

The included simulator allows evaluation and integration testing to benchmark the best possible solution for each specific case.

Deployment options

On Premise

  • Useful for centralized use cases without a requirement of scalability or remote accessibility and existing legacy infrastructure
  • Defined total cost of ownership
  • Complete control on hardware and software, including configuration and upgrades
  • Secured uptime in areas with unstable internet connectivity
  • Preferred choice in industry-segments where regulation imposes restrictions

In the Cloud

  • Strategic architectural fit & risk management for your high value assets
  • Provides flexibility, scalability and availability of HSM-as-a-service
  • Ideal for a multi-cloud strategy, supporting multi-cloud deployments & allows for migration flexibility
  • Allows you to seamlessly work with any Cloud Service Provider
  • Easy-to-use remote management and on-site key ceremony service option
  • Full control over data through encryption key life-cycle and key administration
  • Secured data privacy through Bring-Your-Own-Key procedures
