Publications

Payment Authorisation in EUDI Wallets: Taking TS12 from Specification to Production, a paper by iGrant.io

Implement TS12-compliant Strong Customer Authentication with the iGrant.io Organisation Wallet Suite and Data Wallet, proven in production on live payment rails ahead of the 2027 deadline.

Event Details

13Jul2026
Payment Authorisation in EUDI Wallets: Taking TS12 from Specification to Production, a paper by iGrant.io

Description

By 24 December 2027, banks and other in-scope payment service providers in the EU must accept the EUDI Wallet for payment authentication when the user requests it, a hard deadline set by eIDAS 2.0 (Regulation (EU) 2024/1183, Article 5f). TS12 (Technical Specification 12) is the EUDI Wallet standard that defines how Strong Customer Authentication (SCA) for electronic payments must be implemented under eIDAS 2.0 and PSD2. Download the paper to learn what it takes to move TS12 from specification to production implementation.

This paper draws on a complete implementation of the EUDI Wallet SCA experience across all four TS12 transaction data types: payments, payment mandates, login and risk transactions, and account access. Together, these produce six distinct payment flows covering instant, scheduled and recurring account payments, card payments and both mandate variants. The implementation combines the iGrant.io Organisation Wallet Suite, the European Business Wallet offering for banks, PISPs (Payment Initiation Service Providers) and merchants, with the individual Data Wallet, using OpenID4VCI and OpenID4VP throughout and honouring the WYSIWYS (What You See Is What You Sign) principle that sits at the heart of TS12.

The work builds further on the production trials on live payment rails with Banca Transilvania, one of Romania’s largest commercial banks, and Fast Ferries (via UAegean) during the EWC Large-Scale Pilots, further validated through the WE BUILD Consortium, with deployment partners including Visa and Worldline. Going to production on existing rails, rather than pilot infrastructure, exposed a category of problems that specification work and proof-of-concept builds do not address: amount range edge cases, frequency-code mapping, charge-day derivation, date formatting across time zones and implausible payment counts, all of which are now handled defensively and documented in the paper.

Beyond implementation, the paper describes iGrant.io’s formal contributions back to the TS12 specification, on resolving the recurring charge day, on IBAN display on the consent screen, and on separating login and risk action transactions into distinct types, and sets out what wallet-based payment authorisation means for banks, PISPs, merchants and public sector bodies preparing for the 2027 deadline.