GR - part 1 - iDEAL R&R Definitions

 


 


 


Contents

 


Definitions

In the iDEAL Rules & Regulations (iDEAL R&R) of Currence iDEAL iDEAL B.V. (hereinafter: Currence iDEAL), including the Licence, Certificate and Accreditation Agreements (hereinafter: Agreements) and the iDEAL API Specifications, the following terms are used with a capital letter and shall have the meaning as set out below. 

If a term defined in these Definitions is also defined in a document of the iDEAL R&R or the annexes thereto, including the Agreements and the iDEAL API Specifications, the meaning given therein shall apply only within that specific document.

Definitions

Number

2 Factor Authentication (2FA)

Authentication by means of two or more Authentication Factors.

A

Abuse

Improper use of iDEAL, such as Money Laundering, Terrorist Financing, Fraud and Non-Performance.

Acceptance Confirmation

A confirmation from a User.

Acceptance Regulations

All requirements and obligations as set out in the R&R document ‘Acceptance Regulations’ to start the Certification Procedure.

The Acceptance Regulations set out how to Certification Procedure works and also includes non-disclosure/confidentiality obligations and is comparable with an NDA during the Certification Process.

Accreditation Agreement

The accreditation agreement between the Accredited Party and Currence iDEAL for the purpose of the Role of CPSP within the iDEAL Scheme.

Accredited CPSP

A CPSP that has entered into an Accreditation Agreement with Currence iDEAL for its Role as a CPSP.

Accredited Party

The Institution with which Currence iDEAL has signed an Accreditation Agreement.

Acquirer

An Institution who has entered into a Licence Agreement with Currence iDEAL for the Role of Acquirer, as further described in the Role Provisions for the Acquirer.

Acquiring Domain

The Acquiring Domain comprises all activities relating to:

  1. receiving iDEAL Transactions or initiating iDEAL Transactions on behalf of Acquiring Participants or (if the Acquiring Participant is directly connected to the iDEAL Hub) monitoring the receiving of iDEAL Transactions or initiating of iDEAL Transactions by Acquiring Participants;

  2. ensuring that the iDEAL Payment Guarantee from the Issuer is met when the Issuer has given the iDEAL Transaction the status ’Successful’, unless the iDEAL Payment is subject to Sanctions;

  3. providing the iDEAL Payment Guarantee to Acquiring Participants and ensuring that the funds from iDEAL Payments by the Issuer are transferred to Acquiring Participants,

as well as other activities that are performed by the Acquirer on behalf of Acquiring Participants within the iDEAL Scheme.

Acquiring Participant

A Merchant, CPSP or C2C Provider.

Advisory Board

A representative body of Licencees and Certificate Holders, appointed in accordance with the Advisory Board Regulations.

Advisory Board Member

A member of the Advisory Board representing one or more Licencees.

Advisory Board Regulations

The sub-regulation entitled ‘Advisory Board Regulations’ which forms an integral part of the General Regulations of the iDEAL R&R.

Agreement

The agreement between Currence iDEAL and the Institution, comprising a Licence Agreement, Certificate Agreement or Accreditation Agreement.

Alleged Violation

An alleged failure to comply with a Provision by an Institution.

AML Directive

Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, as amended pursuant to Directive (EU) 2018/843.

Applicable Data Protection Laws

Any applicable laws and regulations relating to the protection of Personal Data, including but not limited to the GDPR, any legislation implementing the requirements of the GDPR in each member state of the European Union, any legally binding requirements of supervisory authorities and any other applicable European Union or European Union member state law relating to the protection of Personal Data.

Applicant

The party who has signed the Application Form in accordance with the provisions of Article 3 of the Acceptance Regulations.

Application

The request by the Applicant to Currence iDEAL to be accepted to perform the Requested Role or Roles.

Application Form

The form for the request to be accepted to perform the Requested Role or Roles included in the annexes of the Acceptance Regulations.

Authentication

A procedure which allows the Issuer to verify the identity of a User.

Authentication Factor

A factor which has been confirmed to be linked to a User and which falls into one of the following categories:

  1. possession: something only the User possesses (e.g. an identity token);

  2. knowledge: something only the User knows (e.g. password / PIN);

  3. inherence: something only the User is (e.g. biometric values).

and which is designed in such a way as to protect the integrity and confidentiality of the Authentication data.

Authentication Means

A means made available by the Issuer, which can be used by a User for the purpose of Authentication in order to gain access to the Issuer’s Banking Environment.

Authorisation

The User's approval of an iDEAL Transaction and the approval of the execution of the corresponding iDEAL Payment.

B

B2B Domain

The B2B Domain comprises all activities in relation to an Acquirer or CPSP providing a Business with the possibility to receive funds from another Business by making an iDEAL Payment or initiating iDEAL Transactions on behalf of Acquiring Participants.

Banking Environment

The mobile or online environment of the Issuer which is used for (amongst other things) Authentication or Authorisation of iDEAL Payments by a User.

Beneficiary

The Acquiring Participant which directly receives the funds of the iDEAL Payment on its own IBAN. This is the creditor of the iDEAL Payment.

Branding Manual

The document entitled ‘Branding Manual’ which contains detailed provisions for the requirements and instructions of the iDEAL logo's and the Distinctive Features.

Breach

A failure by an Institution to observe a Provision.

Business

A natural person or business entity, who is acting in the conduct of a profession or enterprise when purchasing or selling goods or services.

Business Beneficiary

A Merchant receiving an iDEAL Payment as beneficiary pursuant to an iDEAL Transaction on a Business IBAN.

Business Continuity Plan

Facilities and procedures, including back-up and recovery procedures, for iDEAL and data that are processed in relation to iDEAL Transactions and failover procedures, adequate to ensure the continued business processes of iDEAL.

Business IBAN

A payment acocunt (IBAN) with a Business as account holder which is used for business purposes.

C

C2B Domain

The C2B Domain comprises all activities in relation to an Acquirer or CPSP providing a Merchant with the possibility to receive funds from a User (Consumer) by making an iDEAL Payment, as well as an Acquirer or CPSP initiating iDEAL Transactions on behalf of Acquiring Participants.

C2C Domain

The C2C Domain comprises all activities in relation to a a C2C Provider providing a Private Beneficiary with the possibility to receive funds from Consumers by initiating an iDEAL Transaction and ensuring that funds are transferred from the paying Consumer to the Private Beneficiary by making an iDEAL Payment, as well as a C2C Provider initiating iDEAL Transactions on behalf of Private Beneficiaries.

C2C Provider

An Institution who has entered into a Certificate Agreement with Currence iDEAL for the Role of C2C Provider, as further described in the Role Provisions for the C2C Provider.

C2C Services

The iDEAL services provided by a C2C Provider to Private Beneficiaries in its Role of C2C Provider.

Central Reporting Point (CRP)

The relevant Currence iDEAL contact person mentioned in the contact list escalation teams who will be informed about a (suspected) Crisis Situation, as further described in iDEAL R&R ‘Escalation Procedure’.

(digital) Certificate

A digital Certificate is an electronic file that is tied to a cryptographic key pair and authenticates the identity of a website, individual, organisation, user, device or server. It is also known as a public key Certificate or identity Certificate.

Certificate Agreement

The certificate agreement of a Certificate Holder with Currence iDEAL for the purpose of the Role of CPSP or C2C Provider within the iDEAL Scheme.

Certificate Applicant

The Institution requesting a Certificate from the Currence iDEAL CA

Certificate Applicant Representative

A person with mandate and knowledge to request Certificates on behalf of their Institution.

Certificate Authority

A certificate authority (CA) is an entity that issues Certificates to Subscribers.

Certificate Holder

The Institution that has successfully completed the Certification Procedure and has entered into a Certificate Agreement with Currence iDEAL.

Certificate Policy

The policy of Currence iDEAL stating the PKI's requirements concerning its procedures.

Certificate Practice Statement

A document from a Certificate Authority which describes their practice for issuing and managing Public Key Certificates.

Certificate Problem Report

A report Partners in the iDEAL Scheme can file to report any (security) issues regarding Certificates issued by the Currence iDEAL CA.

Certificate Revocation

Certificate Revocation is the act of invalidating a TLS Certificate before its scheduled expiration date.

Certificate Signing Request

A message sent from a Certificate Applicant to a Certificate Authority of the PKI in order to apply for a Certificate.

Certification Procedure

The procedure to be carried out by an Applicant wishing to enter into an Agreement with Currence iDEAL for the Role or Roles of Issuer, Acquirer, CPSP and/or C2C Provider, which uses the CSA form to demonstrate that the Institution satisfies the requirements that apply to its Role or Roles as an Issuer, Acquirer, CPSP and/or C2C Provider, as further specified in the iDEAL R&R ‘Certification Procedure’ which forms an integral part of the General Regulations of the iDEAL R&R.

Certified CPSP

A CPSP that has entered into a Certificate Agreement with Currence iDEAL for its Role as a CPSP.

Change Procedure Regulations

The sub-regulation entitled ‘Change Procedure Regulations’ which forms an integral part of the General Regulations of the iDEAL R&R.

Clearing

The processing of an iDEAL Payment between an Issuer and an Acquirer (or a Sponsor PSP on behalf of an Acquirer).

Collecting Payment
Service Provider (CPSP)

An Institution which has entered into a Certificate Agreement or Accreditation Agreement with Currence iDEAL for the Role of CPSP, as further described in the Role Provisions for the CPSP.

Communication Regulations

The sub-regulation entitled ‘Communication Regulations’ which forms an integral part of the General Regulations of the iDEAL R&R.

Competent Data Protection Authority

The data protection supervisory authority which has jurisdiction in the meaning of article 51 GDPR over the processing of Personal Data.

Confidential Information

Confidential Information means, in relation to an Institution or Currence iDEAL as a receiving party:

  1. all commercial, financial, technical and other information, regardless of the form which it takes, concerning the disclosing party, that party’s subcontractors, customers and suppliers obtained in connection with the Application where such information:

    1. has been classified as confidential by the party making it available;

    2. is information derived from confidential information;

    3. is information, of which the confidential nature is known or ought to be known to the parties; or

    4. any reports, analyses, copies, notes, reviews, compilations, studies, forecasts or other documents, know-how or data prepared or obtained by, on behalf of, or for the recipient which contain, derive from or otherwise reflect any information described in (a) to (c) above;

  2. all third-party information made available to the Institution by Currence iDEAL in connection with an Application or the Agreement; and

  3. the contents of the Acceptance Regulations including all documents of Currence iDEAL referred to in the Acceptance Regulations.

Consumer

A natural person, not acting in the conduct of a profession or enterprise.

Consumer Identification Token (CIT)

A consumer identification token which is issued by the Issuer and used to identify the iDEAL User Profile in both the administration of the Issuer and Currence iDEAL.

Controlled Operations

Controlled and sound business operations (beheerste en integere bedrijfsvoering), as described in Article 3:17 of the Wft (or similar provisions in applicable law).

Control Self-Assessment (CSA)

An initial or periodic (re)assessment with respect to the compliance of an Applicant or Institution with the iDEAL R&R, as further described in the iDEAL R&R ‘Certification Procedure’ which forms an integral part of the iDEAL R&R.

Core Payment Handling

Term used for Institutions that directly handle iDEAL Payments as a result of an iDEAL Transaction.

Core Payment Handling Party

An Institution.

Crisis Situation

Any of the following situations:

  • a situation that poses a (significant) threat to the integrity or image of iDEAL;

  • a situation which may result in (significant) liability of Currence iDEAL or the Institutions against third parties;

  • a Personal Data Breach which should potentially be reported to the Competent Data Protection Authority; or

  • a Default or possible Default of an Institution.

Crisis Team

The crisis team that will be convened if a Crisis Situation exists, as further described in iDEAL R&R Annex ‘Escalation Procedure’.

Critical Services

The iDEAL API’s that are time-critical for the processing of iDEAL Transactions and are described in the iDEAL API Specifications.

Cross-border iDEAL Payment

An iDEAL Payment that is made from an IBAN which is issued in another country than the IBAN on which the iDEAL Payment is received.

Crypto Service Provider

A Merchant who is providing exchange services between virtual currencies and fiat currencies or a custodian wallet provider, which is registered by DNB pursuant to Article 23b Wwft, which registration has not been revoked.

Currence iDEAL

Currence iDEAL iDEAL B.V., which offers the services and activities in relation to iDEAL as described in the General Notes and iDEAL GR - part 8 - iDEAL Hub.

Currence iDEAL Certificate Authority (CA)

The Certificate Authority (CA) that issues Certificates to Subscribers in the iDEAL Scheme.

Currence iDEAL Privacy Statement

The publicly available privacy statement of Currence iDEAL with information on the processing of Personal Data by Currence iDEAL, as amended or restated from time to time.  

Customer Due Diligence (CDD)

Customer due diligence, meaning the policies and procedures that an Institution has in order to (among others) identify its customer(s) and its UBO(s), to assess the purpose and intended nature of the business relationship and conducting ongoing monitoring of the business relationship, as further specified in the AML Directive. 

D

Data Processing Agreement (DPA)

The data processing agreement in https://currencenl.atlassian.net/wiki/spaces/RNIRRR/pages/2917793793, which sets out the terms and conditions under which Currence iDEAL processes the iDEAL Transaction Data on behalf of the Institutions and in accordance with the Institution’s instructions as required based on article 28 GDPR and in compliance with Applicable Data Protection Laws.

Data Subject Request

The request of a User to exercise (one of) its Personal Data Rights.

Definitions Regulations

This sub-regulation entitled ‘Definitions’ which forms an integral part of the General Regulations of the iDEAL R&R.

Direct Connection

This is the connection of an Acquiring Participant directly to the iDEAL Hub, using the iDEAL API Specifications of Currence iDEAL.

Distinctive Features

The Distinctive Features of the iDEAL Scheme and iDEAL logo’s referred to in the Agreement, as further specified in the Branding Manual.

DNB

The Dutch Central Bank (De Nederlandsche Bank).

E

EEA

The European Economic Area.

E-Money Directive

Directive 2009/110/EC of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC.

EU Blocking Regulation

Regulation (EU) 2271/96 of 22 November 1996 protecting against the effect of the extra-territorial application of legislation adopted by a third party, and actions based thereon or resulting therefrom, as amended, supplemented or replaced from time to time.​

Exempt Payment Service Provider (Exempt PSP)

An institution with its registered office in an EU/EEA member state and which has been registered as such in the register of financial institutions of DNB:

  1. to which an exemption has been granted from the license requirement as a payment service provider (betaaldienstverlener) pursuant to Article 2:3d of the Wft, to the extent that this licence authorises it to provide the services mentioned under point 3 and/or 5 of Annex 1 to the PSD 2; or

  2. to which an exemption has been granted from the license requirement as an e-money institution (elektronischgeldinstelling) pursuant to Article 2:10d of the Wft, to the extent that this licence authorises it to provide the services mentioned under point 3 and/or 5 of Annex 1 to the PSD 2.

The exemption must relate to the following activities:

  • the execution of credit transfers, and /or;

  • the issuing of payment instruments and the acquiring of payment instruments.

F

Fraud

An iDEAL Fraud or an Other Fraud.

Functional Incident

An Incident that is related to a non-compliance of the iDEAL R&R, the iDEAL Implementation Guide, Abuse of iDEAL, an ICT Breach or a Personal Data Breach.

G

General Regulations

The General Regulations which are part of the iDEAL R&R and which are divided into sub-regulations, as amended, restated, supplemented and/or replaced from time to time.

GDPR

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as amended, restated, supplemented and/or replaced from time to time, including the AVG Implementation Act.

I

ICT Breach

The loss or unauthorised destruction, alteration, disclosure of, access to, or control of information technology systems, operational technology systems, networks, internet-enabled applications or devices and the data contained within such systems and which affect the confidentiality, availability and/or integrity of iDEAL.

iDEAL

The service pursuant to the iDEAL Scheme whereby iDEAL Transactions are processed, followed by an iDEAL Payment.

iDEAL Access Token

A short-lived token to be provided by the Acquirer to an Acquiring Participants that connects to the iDEAL Hub directly and which includes contractual data needed for the iDEAL Transaction (e.g. IBAN, Merchant name etc.). The Acquiring Participant needs to include this token in each iDEAL API message towards to the iDEAL Hub in order for Currence iDEAL to authenticate the contractual validity of the direct access of the Acquiring Participant to the iDEAL Hub.

iDEAL Application Programming Interface (iDEAL API)

The application programming interface that is used for the purpose of exchanging data and information by and between the iDEAL Hub, Institutions and Merchants for the purpose of initiating, sending and receiving iDEAL Transactions.

iDEAL API Specifications

A set of application programming interface (API) specifications which prescribe the iDEAL API.

iDEAL Checkout Page

The webpage operated by Currence iDEAL where a User can create an iDEAL User Profile and where the unrecognised User is directed to before being directed to the Banking Environment of its Issuer for Authentication and Authorisation.

iDEAL Checkout (iDEAL Snel Bestellen)

The service pursuant to the iDEAL Profile Agreement, whereby the User is recognised on the basis of a cookie and some of the iDEAL Profile Data registered in his iDEAL User Profile (such as contact and delivery details) are provided to the Merchant upon completion of an iDEAL Transaction for the purpose of delivery of the order by the Merchant to the User.

iDEAL Checkout Page

The webpage operated by Currence iDEAL where iDEAL Payment details of the iDEAL Transaction are shown in the case of an iDEAL Checkout ‘iDEAL Snel bestellen’ transaction. On this page the User can examine and change the checkout details shared with the merchant during the iDEAL Payment.

iDEAL Contract

A contract and/or general terms and conditions from an Institution which provides for the use of iDEAL by the relevant iDEAL Participant.

iDEAL Data

iDEAL Profile Data or iDEAL Transaction Data.

iDEAL Fast Payment (iDEAL Snel Betalen)

The service pursuant to the iDEAL Profile Agreement, whereby the User is recognised on the basis of a cookie or iDEAL User Token and is automatically directed to his Issuer, by means of the preferred IBAN(s) for iDEAL Payments registered in his iDEAL User Profile, to authorise the iDEAL Transaction.

iDEAL Fraud

A breach of the iDEAL API and/or the infrastructure of iDEAL or the iDEAL Scheme as a result whereof persons may have unauthorised access to the iDEAL Hub and/or iDEAL Systems of an Institution.

iDEAL Hub

A hub for enabling Issuers and Acquirers as well as CPSPs, C2C Providers and Merchants directly connected to the iDEAL Hub to offer iDEAL as a payment method to their clients and to send and retrieve information in relation to iDEAL Transactions via the iDEAL API, which is operated by Currence iDEAL in accordance with the iDEAL API Specifications and meets the the obligations and service levels of Currence iDEAL as provided for in the R&R General Regulations - part 8 - iDEAL Hub, as well as the technical infrastructure relating to the operations of the iDEAL Hub.

iDEAL Issuer List

This is the list of certified iDEAL Issuers by Currence iDEAL. Users can select their Issuer from this list to pay with iDEAL. Currence will display this list on its iDEAL Payment Page. All iDEAL Participants within the Acquiring Domain must refer to the iDEAL Payment Page when starting the iDEAL Transaction.

iDEAL Participant

An Institution, Merchant, User or Private Beneficiary.

iDEAL Partner

An Institution.

iDEAL Payment

A SEPA Credit Transfer (SCT) payment initiated and authorised by a User through the Banking Environment of its Issuer to a Merchant, Acquirer, CPSP or C2C Provider pursuant to the iDEAL Scheme, to be executed upon successful completion of an iDEAL Transaction.

iDEAL Payment Guarantee

The payment obligation (with respect to the Issuer) provided by the Issuer to the Acquirer pursuant to the relevant Provision of the Issuer Role or (with respect to the Acquirer) provided by the Acquirer to its Acquiring Participants pursuant to the relevant Provision of the Acquirer Role.

iDEAL Payment Link

An URL that leads a User (via the checkout page of the Acquiring Participant) to the iDEAL Payment Page, where the User can start the iDEAL Transaction. The iDEAL Payment Link can be sent via instant message apps (e.g. WhatsApp, SMS, Messenger, chats), social media, email, or other communication channels.

iDEAL Payment Page

The webpage operated by Currence iDEAL where iDEAL Payment details of the iDEAL Transaction are shown. For unrecognised Users, this page shows the Issuer Selection List or an iDEAL QR code which can be scanned with the bank app to finalise the payment. For recognised Users, this page shows the preffered IBAN of an Issuer as configured the iDEAL Profile of the User.

iDEAL Product Verification (iPV)

A verification of the iDEAL Transaction and the successful debiting and crediting of the iDEAL Payment.

iDEAL Profile

The proposition of Currence iDEAL where a User can fill with Personal Data and which can be used to provide iDEAL Profile Data with an iDEAL Transaction to a Merchant as an iDEAL Value Added Service (iDEAL VAS).

iDEAL Profile Agreement

The agreement between Currence iDEAL and a User on the the creation and use of an iDEAL User Profile, as further elaborated in the applicable general terms and conditions of Currence iDEAL.

iDEAL Profile Data

Any subset of (personal) data from an iDEAL User Profile which is provided at the request of the Merchant with the consent of the User as an iDEAL VAS to an iDEAL Transaction.

iDEAL Profile Management

The management (viewing, amending or deleting) of an iDEAL User Profile by a User in the online environment of the iDEAL Hub.

iDEAL Profile Page

The profile page operated by Currence iDEAL where the User is directed to when making an iDEAL User Profile, where all details of a User are shown and where the User can manage (view, amend or delete) its iDEAL User Profile.

iDEAL Profile Services

iDEAL Fast Payment and iDEAL Checkout.

iDEAL Profile Terms and Conditions

The terms and conditions of Currence iDEAL which the User has to accept for the purpose of creating an iDEAL User Profile and using the iDEAL Profile Services.

iDEAL Rules & Regulations (iDEAL R&R)

The iDEAL Rules & Regulations which stipulate the rights and obligations of Institutions towards each other and Currence iDEAL in relation to the iDEAL Scheme, as amended, restated, supplemented or replaced in accordance with the Change Procedure Regulations from time to time.

iDEAL Scheme

A system of agreements and procedures for the offering and use of iDEAL by Institutions, consisting of governance agreements, Role descriptions, functional requirements and iDEAL API Specifications, as further described in the iDEAL R&R and its Annexes for the Provisions per Role, including product functionalities, value added services and the house style and branding of the logo and brands of iDEAL.

iDEAL System

The hardware, software, data, databases, data communication lines, network and telecommunications equipment, internet-related information technology infrastructure, wide area network and other information technology equipment, owned, leased or licensed by an Institution and used for the purpose of offering any services in relation to iDEAL.

iDEAL Transaction

A set of iDEAL messages, which are described in the iDEAL API Specifications and which are exchanged between Issuers, Acquirers and Acquiring Participants, and routed via the iDEAL Hub, for the purpose of an iDEAL Payment and/or iDEAL Profile Data.

iDEAL Transaction Data

Any subset of (personal) data that are processed in order to facilitate an iDEAL Transaction.

iDEAL User Token

The token as provided by Currence iDEAL to a Merchant to identify an iDEAL User Profile, which is linked to an iDEAL User Profile on the iDEAL Hub and which is used to exchange the User preferences for the iDEAL Transactions with the Merchant.

In the iDEAL API Specifications, the iDEAL User Token is referred to as expectedDebtor.debtorToken or debtor token.

iDEAL Value Added Service (iDEAL VAS)

Additional services which may be offered pursuant to the iDEAL Scheme in order to add iDEAL Profile Data to an iDEAL Transaction, including iDEAL Fast Payment and iDEAL Checkout.

Implementation Guide

A document to be provided by Currence iDEAL in order to assist the Licencee in the implementation of iDEAL pursuant to the Licence Agreement.

Incident

An unplanned disruption to the iDEAL Scheme, e.g. to the IT service or reduction in the quality of an IT service of the iDEAL Hub and/or the Institutions, which may lead to reputational or financial damage.

Infringement

A failure to comply with a Provision by an Institution.

Institution (iDEAL Partners)

The party with whom Currence iDEAL has signed an Agreement.

Issuer

An Institution which has entered into a Licence Agreement with Currence iDEAL for the Role of Issuer, as further described in the Role Provisions for the Issuer.

Issuing Domain

All activities related to the initiation, receipt, processing or Authorisation of iDEAL Transactions initiated by Users using the Banking Environment of the Issuer, as well as any other activities that are performed by the Issuer on behalf of its Users within the iDEAL Scheme.

J

Joint Controller Agreement

The joint controller agreement in iDEAL GR - part 8 - appendix ‘Joint Controller Agreement’, which sets out the respective responsibilities of Currence iDEAL and the Issuers as joint controllers under article 26 GDPR for compliance with their obligations under the GDPR in relation to iDEAL Profile Data relating to iDEAL Fast Payment (iDEAL Snel Betalen) and the exercise of Personal Data Rights by Users.

L

Licence Agreement

The licence agreement between the Licencee and Currence iDEAL for the purpose of the Role or Roles of Issuer or Acquirer within the iDEAL Scheme.

Licensed Payment Service Provider (Licensed PSP)

An institution with its registered office in an EU/EEA member state and which has been registered as such in the in the register of financial institutions of DNB:

  1. holds a licence as a bank under Article 2:11 Wft or which is using the EU passport regime pursuant to Articles 2:15 or 2:18 Wft, to the extent that this licence authorises it to provide payment services (betaaldiensten) within the meaning of the Wft;

  2. holds a licence as a payment institution (betaalinstelling) pursuant to Article 2:3a or 2:3c of the Wft or which is using the EU passport regime pursuant to Article 2:3e of the Wft, to the extent that this licence authorises it to provide the services mentioned under point 3 and/or 4 and/or 5 of Annex 1 to the PSD 2; or

  3. has a licence as an e-money institution (elektronischgeldinstelling) pursuant to Article 2:10a of the Wft or which is using the EU passport regime pursuant to Article 2:10e of the Wft, to the extent that this licence authorises it to provide the services mentioned under point 3 and/or 4 and/or 5 of Annex 1 to the PSD 2.

The payment license must relate to the following activities:

  • payment services

  • the execution of credit transfers, and /or;

  • the issuing of payment instruments and the acquiring of payment instruments.

Licencee

The Institution with which Currence iDEAL has signed a Licence Agreement.

Licencee Fee Regulations

The sub-regulation entitled ‘Licencee Fee Regulations’ which forms an integral part of the General Regulations of the iDEAL R&R.

M

Major Incident

A significant unplanned disruption to the iDEAL Scheme, e.g. to the IT service or reduction in the quality of an IT service of the iDEAL Hub and/or the Institutions, which is likely to lead to reputational or financial damage.

Merchant

A Business or non-profit entity that has concluded an iDEAL Contract with an Acquirer or CPSP in order to offer iDEAL as a payment method to its customers (Users), and to receive iDEAL Payments (via its Acquirer or CPSP) from its customers (Users) for the payment of goods or services delivered by it or for the support of non-profit activities on a Business IBAN. 

Merchant Implementation Guide (MIG)

A document to be provided by the Acquirer in order to assist the Acquiring Participants in the implementation of iDEAL pursuant to the iDEAL Contract offered by the Acquirer.

Mobile Transaction

An iDEAL Transaction which is authorised in the mobile banking app of the Issuer.

Money Laundering

Execution of transactions in order to disguise the illegal origin of sums of money and with the purpose to spend or invest illegally acquired assets without anyone being able to prove their illegal origin.

N

Non-Critical Services

All iDEAL API’s that are not Critical Services.

Non-Performance

An attributable failure to comply with (toerekenbare tekortkoming in de nakoming van) an agreement.

Notification Form Sponsor PSP

A form in which the Acquirer notifies Currence iDEAL that it wishes to use a Sponsor PSP for its iDEAL Transactions.

O

Other Fraud

A deliberate misrepresentation to gain an unfair advantage, causing damage to an iDEAL Participant, to (the image of) iDEAL or the iDEAL Scheme, or to the reputation of Currence iDEAL.

Other Sanction Authority

Any agency or person which is duly empowered or authorised to enact, administer, implement and/or enforce Sanctions, other than a Relevant Sanction Authority.

P

Payer (User)

The natural person or Business using the iDEAL Scheme to make an iDEAL Payment through the Banking Environment of its Issuer.

Payment Service Provider (PSP)

A Licensed Payment Service Provider or an Exempted Payment Service Provider.

Penalty Regulations

The sub-regulation entitled ‘Penalty Regulations’ which forms an integral part of the General Regulations of the iDEAL R&R.

Personal Data

Any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.

Personal Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, as defined in Article 4(1) of the GDPR.

Personal Data Rights

Any rights from a User in relation to the processing of his/her iDEAL Transaction Data or iDEAL Profile Data pursuant to Articles 12-22 GDPR, such the rights of access, rectification, erasure, restriction, data portability or right to object in relation to iDEAL Transaction Data or iDEAL Profile Data.

Personal Data Transfer

The transfer of Personal Data outside the EEA in the meaning of Chapter V of the GDPR.

PKI

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital Certificates and manage public-key encryption.

Platform

An online marketplace for the purchase of (second hand) goods or services, such as such as Amazon, Bol.com, eBay, Marktplaats, Vinted etc.

Pre-Crisis Team

The pre-crisis team that will be convened if a (suspected) Crisis Situation exists, as further described in iDEAL R&R Annex ‘Escalation Procedure’.

Private Beneficiary

A Consumer who has concluded an iDEAL Contract with a C2C Provider in order to receive iDEAL Payments as beneficiary pursuant to an iDEAL Transaction within the C2C Domain.

Private Key

The private part of an asymmetric key pair that is typically used to verify signatures or encrypt data.

Problem (Issue)

A problem, which could the outcome of an Incident, that needs to be solved structurally by Currence iDEAL (for the iDEAL Hub) and/or the Institution (for its iDEAL Systems).

Products

The products offered by Currence iDEAL Holding B.V. and its subsidiaries, consisting of iDEAL, eMandates, Acceptgiro and iDIN.

Proposed Change

Any change proposed by Currence iDEAL to an Agreement or the iDEAL R&R.

Provision

An obligation of the Institution provided for in an Agreement or in the iDEAL R&R.

PSD 2

Directive (EU) 2015/2366 on payment services in the internal market, as amended, restated, supplemented and/or replaced from time to time.

Public Key

The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data.

R

Registration Authority

A Registration Authority (RA) is a function for Certificate enrollment.

It is responsible for receiving Certificate signing requests, for the initial enrollment or renewals. The Registration Authority verifies and forwards these requests to a Certificate Authority (CA).

Related Parties

Legal representatives, shareholders, directors, authorised agents, UBOs and other parties involved in the iDEAL Transaction.

Relevant Sanctions Authority

The Security Council of the United Nations, the United States of America, the European Union and the Netherlands, the governments and official institutions or agencies of any of afore mentioned sanctions authorities, including the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC), the Council of the European Union and the United States Department of State. ​

Relying Parties

An entity that acts in reliance on a Certificate or digital signature associated with a Certificate.

Requested Role

The Role that an Application relates to, as shown by the Application Form signed by the Applicant for an Agreement.

Role

The role of Issuer, Acquirer, CPSP or C2C Provider in the iDEAL Scheme, as further set out in the iDEAL R&R, as well as any roles in the iDEAL Scheme to be added by Currence iDEAL in the future.

S

Sanction Lists

Any lists of specifically designated persons or entities (or equivalent) or countries maintained by, or public announcement of Sanctions designation made by any Relevant Sanctions Authority from time to time.

Sanctions

The economic or financial sanction laws, regulations, trade embargoes or other restrictive measures enacted, administered, implemented and/or enforced from time to time by any Sanctions Authority, except to the extent that enforcement of such economic of financial sanction laws, regulations, trade embargoes or other restrictive measures would result in a violation of the EU Blocking Regulation.

Sanctions Authority

A Relevant Sanction Authority or an Other Sanction Authority.

Sanction Screening

The screening by an Institution of its clients and its clients’ Related Parties in accordance with applicable Sanctions for Cross-border iDEAL Payments. Sanction Screening includes name screening and transaction filtering:

  • Name screening is the obligation by the Institution to screen its clients and its clients’ Related Parties against the Sanction Lists (i) when onboarding, (ii) when relevant changes occur in the Users' data (including any changes to the data of the Related Parties of the Users) and (iii) (a) when changes are made to the Sanctions Lists or (b) on a daily basis.

  • Transaction filtering is the monitoring of Cross-border iDEAL Payments against the Sanction Lists (and, with respect to the US Sanction Lists, only in case a US nexus exists) before being executed or processed.

Service Level Agreement (SLA)

An agreement in which the agreed level of service between a supplier or service provider and the supplied party is set out.

ServiceNow

The technical platform used by Currence iDEAL for the purpose of incident, change and problem management and for customer support.

Settlement

The financial settlement of iDEAL Payments between the Issuer and the Acquirer to be carried out via a central bank or other institution equipped for settlement using the data as provided during the process of Clearing.

Service Provider

Represents parties in the iDEAL Scheme that connect to the iDEAL Hub, but are not directly involved in handling iDEAL Payments.

Service Request

A request from Currence iDEAL to an Institution or from an Institution to Currence iDEAL in relation to an iDEAL Transaction or an iDEAL User Profile, e.g. a request for service, information or advice, which includes Data Subject Requests.

Sponsor PSP

A Payment Service Provider (PSP) to which an Acquirer has outsourced Clearing and Settlement of iDEAL Transactions where an iDEAL Payment is made:

  • to the Business IBAN on which the Acquirer collects iDEAL funds for its Acquiring Participants; and/or

  • to the Business IBAN of the Acquiring Participant, which Business IBAN is not issued by the Acquirer itself.

Subprocessor

Any processor for the processing of iDEAL Transaction Data or iDEAL Profile Data as governed by the Data Processing Agreement or the Joint Controller Agreement, respectively.

Subscriber (End Entity)

A subscriber or End Entity is an entity that's participating in a PKI and can be the subject of a Certificate.

T

Terrorist Financing

The provision or collection of funds, by any means, directly or indirectly, with the intention that they be used or in the knowledge that they are to be used, in full or in part, in order to carry out any terrorist offences.

TLS

TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.

Trade Name

The name of the Business that the Merchant is using for offering the goods or services to which the iDEAL Payment relates and which is registered with the Chamber of Commerce (or similar organisation in other jurisdictions).

Transaction_ID

The number used for identification of an iDEAL Transaction executed by the User.

U

Ultimate Beneficiary

The Business Beneficiary (Merchant) or a Private Beneficiary (Consumer) that acts as the ultimate creditor of the iDEAL Payment, which ultimately receives the funds of an iDEAL Payment via either a CPSP or a C2C provider (the intermediary PSP that acts as the creditor of the iDEAL Payment).

Ultimate Beneficial Owner (UBO)

The ‘beneficial owner’ as defined in Article 3(6) of the AML Directive.

US Sanction Authority

The United States of America and the governments and official institutions or agencies thereof, including the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the United States Department of State.

US Sanction Lists

Any lists of specifically designated persons or entities (or equivalent) or countries maintained by, or public announcement of Sanctions designation made by, any US Sanction Authority from time to time.

User (Payer)

The Consumer or Business using the iDEAL Scheme to make an iDEAL Payment through the Banking Environment of its Issuer.

UX flows

The Issuer user screens that a User must go through when initiating and/or authorising iDEAL Transactions, demasking iDEAL Profile Data or for iDEAL Profile Management.

V

Verified Payment Account

A payment account for which the account holder has been identified and the identity of the account holder has been verified by the relevant payment service provider.

Violation

Breach to the iDEAL R&R by an Institution.

W

Wft

The Dutch Financial Markets Supervision Act (Wet op het financieel toezicht).

Wwft

The Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme).