Spontaneous remote signing for bank customers

By |

yes.com rolled out solution based on preliminary CSC work on short-term certificates

Since the beginning of this year, about 35 million German bank customers in the yes ecosystem are able to spontaneously sign contracts easily and securely with third-party providers using their online banking credentials. The service is compliant with the eIDAS regulation for remote signature creation and leverages the existing two-factor authentication systems of the banks along with the verified person data banks gather and maintain for their customers to comply with anti money laundering law.  

The bank acts as identity provider towards the QTSP that uses the verified person data to create short-term certificates, each of them used for an individual signing transaction. The 2-factor authentication of the online banking strong customer authentication (SCA) also enables the user to confirm the signature creation directly with their bank. This is an innovative approach to complying with the eIDAS regulation, which allows bank customers to spontaneously sign without the need for an additional onboarding or registration with a QTSP, giving signing application access to 35 million users that are “ready to sign”. 

The technical underpinning of the new service is an extension to CSC for utilizing short-term certificates, which the Technical Working Group has been working on since last year. yes.com is contributing its experience and technical expertise in this context to enable spontaneously initiated QES based on short-term certificates in the upcoming CSC 2.0 standard, so this functionality can be used by all applications supporting CSC 2.0.

With Namirial and Infocert, two QTSPs already support the generation of QES using this approach based on online banking in cooperation with the yes ecosystem.