In this article, we will discuss the Certificate Authority (CA) in the context of eIDAS and what is required of this entity in ensuring the integrity of qualified electronic signatures.

Considering the COVID-19 impact on digitalization, EBA’s updated Guidelines on ICT and Security Risk Assessment will help focus on priority areas, including compliance.

The eIDAS regulation provides both the technical and legal framework for electronic identification and digital signatures that the banking sector needs to fully digitalize its processes and go paperless.

This article looks at 3 alternative deployment options for remote signing, catering for 3 different business models. The choice of the option will depend on the financial institution’s specific situation and strategic goals. This article gives guidance.

EU Regulation No 910/2014 (eIDAS) addresses the creation of remote electronic signatures using electronic signature creation data that is managed remotely by a third-party trust service provider (TSP) working on behalf of the signee.

Under eIDAS, a qualified electronic signature creation device (QSCD) must be certified and approved to be used for generating qualified electronic signatures (QES). Cryptomathic’s Signer is the only QSCD that is certified under the SOG-IS agreement using the Common Criteria Recognition Arrangement (CCRA). Its security target is written in strict conformance with EN 419 241-2: Trustworthy Systems Supporting Server Signing Part 2, Protection Profile for QSCD for Server Signing, CEN April 2019.

The intent of eIDAS is to create a portfolio of technical and legal standards that enhance the security, legal validity and acceptance of electronic transactions that are used to conduct business online or to conduct official business across EU member state borders. The use of qualified electronic signatures is one such standard, which requires the use of a Qualified Signature Creation Device (QSCD).

Here is an explanation of the benefits of QSCDs and why Cryptomathic Signer has the strongest security credentials for use with these devices.

Open banking can offer opportunities for retail banks that are faced with competition from newcomers to the banking and finance industry. For those unfamiliar with what open banking is, it can be best defined as “the use of open APIs that enable third-party developers (FinTech or non-banking service providers) to provide applications and services around the financial institution.” These services may be located between the customer and the bank, or placed in the bank’s bank-end.

Globalization has continued its seemingly inexorable march over the last decades. Movement of capital, labor, ideas, goods and services across borders has made the world smaller. International and multilateral organisations create the rules that define and guide interactions between peoples and nations. Parallelly, we are seeing another revolution - the digitizing of our economy at a breath-taking pace.