When asking banks for information on behalf of customers, the bank needs to know the request is coming from a legitimate organisation. They also need to know the organisation asking for information is allowed to process it by the local regulator (e.g. account information or payments initiation). To achieve this certificates are used.
Certificates are used to establish secure connections with another party. They allow us to be confident that requests are being made from the intended source and have not been intercepted or altered maliciously.
These digital certificates can be issued by a few different organisations, although eIDAS standards ensure they can be used with all financial services providers that fall under under PSD2.
