Content rating
Screenshot image
Screenshot image
Screenshot image

About this app

QS-DIW is a Digital Identity Wallet (DIW) app. The app is used by people to authenticate and sign payments and/or contracts as well as present verifiable information (attributes) about themselves. The person must perform Strong Customer Authentication (SCA) to complete all eID transactions.

A DIW app can be used by a person to:
- Log into a web site.
- Gain access to e.g. a secure area, hotel room, sports or entertainment venue.
- Open a bank account remotely, involving Know Your Customer (KYC).

QS-DIW also meets the PSD2 requirement to perform SCA on payments. When eID credentials are issued to the person by a bank, the app can also be used to:-
- Make payments at a POI (e.g. browser) / POS (in a shop).
- Sign a contract and/or a direct debit mandate simultaneously.
- Review and approve personal and corporate payment requests.
- Perform multi-user approvals on payments. 

Users can review summary information and optionally drill into the detail of an eID or payment order. They can approve or cancel orders and also monitor ongoing status. Status is categorised with red/amber/green colour coding. All rejects are clearly flagged, with reason information.

The user SCA credentials are represented by an asymmetric (public/private) key pair, backed by X.509 (identity and attribute) certificates. The private key element resides within and never leaves the Secure Element of the smartphone. The private key is unlocked via the use of either the device’s biometric sensor and/or a PIN. The user’s biometric data also never leaves the smartphone. The SCA proof is represented by an Advanced Electronic Signature (AdES). The SCA proof is dynamically linked to the eID/payment/consent data, plus audit trail and device attestation information.

The following payment formats are fully supported:-
- PAIN.001 v3 - Credit Transfer
- PAIN.008 v2 - Direct Debit
- PAIN.002 v3 - Payment Status
- ACMT.007 v1 - Account Opening
- PAIN.009 v1 - E-Mandate
- Berlin Group NextGenPSD2 JSON formats

PSD2 = DIRECTIVE (EU) 2015/2366 on payment services in the internal market
GDPR = REGULATION (EU) 2016/679 on the protection of natural persons
Updated on
Oct 28, 2022

Data safety

Safety starts with understanding how developers collect and share your data. Data privacy and security practices may vary based on your use, region, and age. The developer provided this information and may update it over time.
No data shared with third parties
Learn more about how developers declare sharing
No data collected
Learn more about how developers declare collection

What's new

The debtor and creditor elements in a PAIN.001 payment instruction are now represented by attribute attestations, linked to the wallet holder's digital identity.