Szafir Digital Signature Support Centre

phone: (+48) 22 545 55 55
fax: (+48) 22 545 55 99
hotline: 0 801 500 207

Branches and points of collection

If you have any further questions regarding the product, please contact us. We will make every effort to respond to your questions as soon as possible.


KIR is an experienced certification centre. For many years, our non-qualified certificates have been used to authenticate transactions sent via Elixir, the interbank clearing system. Every day banks use these necessary tools to ensure the security of messages and to send information via the Ognivo system within the bank and to other banks or authorized institutions. 

Why buy our set for the qualified Szafir digital signature?

  • availability – the largest network of its own branches in Poland, thanks to which each bank has easy access to services related to the digital signature, including professional consulting services,
  • convenience – KIR works with more than 700 entities delivering sets for the digital signature creation (qualified certificates), therefore, they can be collected all over Poland,
  • simple procedures – the simplest procedure of delivering the sets for digital signatures, which considerably shortens the time of the solution implementation in the bank,
  • legal capacity – KIR is entered to the register kept by the Ministry of Economy as a qualified provider of certification services,
  • flexibility of selling:
  • KIR offers an option to purchase digital signature both on-line and in the branch or from its partner, which allows the bank to choose the method which is in conformity with the process of placing orders in force,
  • you may enter into a contract with KIR for a fixed or indefinite period of time,
  • KIR offers an option to pay for the service once it is provided, without the need to make any prepayment,
  • upon request, KIR delivers and installs the set and provides training in the use of the certificate.

A set to generate the qualified Szafir digital signature is the only such service offered by the institution operating within the banking sector, which confirms its highest quality and safety.

KIR offers banks a solution that allows to replace paper documents with electronic ones in communication with the clients. Digital documents are properly secured and have the same legal effect as their paper counterparts. With digital signature the bank may secure all information transmitted via electronic banking and sign credit contract in the electronic form.

What does the set for the creation of the Szafir digital signature offer its users?

  • undeniable confirmation of identity – our qualified Szafir digital signature has the same legal effect as the handwritten signature,
  • integrity – information sent electronically and bearing the Szafir digital signature is protected against changes,
  • uniqueness of signature – each digital signature is different for a given document and is closely related to the one for which it was created,
  • possibility to confirm the existence of a document at a given time – the document can be additionally time-stamped, obtaining the so-called certified date. We can be sure that a document marked in such manner existed at the time indicated by the date.

The PSD2 directive, which opens up the financial market to non-banking entities (TPP), is entering its implementation phase. From March 2019, banks are obliged to make their interfaces available for testing and will open them in accordance with the applicable Regulatory Technical Standards (RTS) by September this year at the latest. Communication between the bank and third parties requires a suitable interface and appropriate protection. There are two special, qualified certificates for PSD2. On the Polish market, both types of certificates are offered only by KIR (National Clearing House) which also provides a solution facilitating the implementation of PSD2 - HUB PSD2.

The new regulations open up the financial market to so-called Third Party Providers (TPP). Fintechs and companies whose main activity is not based on financial services, such as Facebook or Google, will be admitted to areas previously reserved exclusively for banks. Thanks to PSD2, third parties will be able, with the customer’s consent, to obtain their bank account details, e.g. to have an insight into the transaction history. They will also be given the opportunity to initiate payments from the customer’s account with his/her prior consent. Importantly, in order for TPP to be able to order a payment transaction at the customer's bank, the TPP does not have to have a signed contract with the bank in question.

The European Directive entered into force in January 2018 and has been implemented into Polish law. The turning point in the implementation of the new regulations will be September 2019. Experts working on the Polish model of open banking (Polish API) unanimously emphasize that maintaining a high level of security is crucial in the implementation of the new regulations. The Directive limits the liability of customers for unauthorized transactions, mainly by transferring it to the service provider.

  • In order to enable effective communication, banks are obliged to provide an appropriately secured interface, says Elżbieta Włodarczyk, Director of Electronic Signature Business Line at KIR. According to the Polish API, ensuring the confidentiality of communication and authentication of communicating parties requires the use of appropriate qualified certificates, adds Elżbieta Włodarczyk.

Qualified certificates are issued in accordance with the rules set out in the eIDAS Regulation. The Regulation introduces three types of certificates. In the context of PSD2, two of them are used: a certificate for website authentication and a qualified certificate for electronic seal. The entity authorized to issue them in Poland is KIR which has the status of a qualified trust service provider.

  • A qualified certificate for website security is used to establish a secure TLS channel which will guarantee data confidentiality, says Elżbieta Włodarczyk. - In addition, each inquiry sent to the bank and its response within this secured channel is provided with a qualified electronic seal, verified with a qualified certificate. Importantly, a qualified certificate for PSD2 contains special data identifying a specific entity in the context of PSD2.

The certificates may be applied for by any entity which received from the Polish Financial Supervision Authority an authorization to provide services under PSD2. The roles that the company will play in the context of the EU directive will be included in the certificate. Their term of validity is from 1 to 2 years. The validity of the certificate can be checked on the CRLs published on the KIR website or by using the free OCSP service also made available by KIR.

Security is the keyword that appears in the discussion about PSD2 and open banking. An important aspect is also innovation and modernity in payment services which the directive aims to strengthen. In this field, the situation of Polish banks is unique, as the payment sector in Poland is one of the most modern and technologically advanced in Europe.

On the one hand, the banks themselves often play the role of Fintechs and provide their customers with innovative payment services, on the other hand they guarantee a high level of security which, as is particularly important for Polish consumers. As many as 43% of them declare that they would not feel comfortable if they had to share their account details with external entities. According to the same survey, nearly 30% of banks believe that new EU law may be an opportunity for them, and 43% of them have a neutral attitude towards it. It may turn out that one of the key beneficiaries of the changes brought about by the PSD2 directive may be high-tech banks.