How to enhance EBICS, Part 9 – EBICS is ideal for transferring files of all sizes. – Yes, but …

The data behaviour for payments also continues to change with SEPA. New processes mean that the files exchanged between customers and banks and in bilateral exchanges keep getting bigger. In the customer-bank relationship in particular, the download function for data downloads (e.g. account statements) via EBICS plays an important role. And here at least there seems to be a need for optimisation. For particularly large files, various factors make it difficult to perform a successful download.


Software producers and financial institution promote EBICS in Switzerland

Since 2013, the major Swiss banks have offered their corporate customers the EBICS communication standard. Since May 2015, Switzerland has been an official member of the EBICS committee that aims to promote and maintain the standard throughout all of Europe and beyond. To help EBICS make a definitive breakthrough, the leading EBICS producers and the major Swiss bank Credit Suisse have formed a work committee to promote EBICS in Switzerland (AFES). Swiss software producers benefit from a campaign that enables a smooth start with EBICS.


EBICS and PSD2 – how will they work together?

The European Parliament’s Payment Services Directive (PSD) is the legal basis for the EU-wide uniform internal market for payments. The current version, PSD2, was published on 23/12/2015 in the Official Journal of the European Union and must be implemented in national legislation by 13/01/2018. How does the PSD2 affect EBICS?


“Offline payment software in the sights of hackers – Swiss companies affected”

The above headline is taken from a statement by the Reporting and Analysis Centre for Information Assurance (MELANI) from July of this year. The statement describes a new type of hack on companies in Switzerland.

To process mass payments, especially in the case of multibank accounts, companies today generally use offline software for the transmission, approval and execution of electronic payment orders. Transfers are triggered automatically directly from within the ERP software and are transmitted to the bank via secure protocols. This type of payment processing accounts for the majority of the electronic payment orders executed in Switzerland today.


EBICS mobile – any time, any place

Michael Schunk, Product Manager, PPI AG

The EBICS protocol is designed to transfer large data volumes, call up account information and authorise orders. These are the basic requirements of a treasurer and they are fulfilled by EBICS, guaranteeing the success of EBICS.

In the age of digitalisation, more and more information is provided at increasing speeds. Even EBICS must fulfil this requirement, and its response consists of mobile EBICS apps that inform the customer fast.


Hacker attacks on SWIFT payments

81 million US dollars – criminals have stolen this enormous sum from the central bank of Bangladesh, not in a movie-style heist but very quietly via hacking. The thieves made more than 30 bank transfers from the account of the Bangladesh Bank at the New York Federal Reserve Bank (Fed) to Philippine accounts. This case and others show that inter-bank payments are a lucrative target, and that the security of the SWIFT international financial network is vulnerable. Penetrating this network certainly requires a lot of effort; however, the loot that can be expected is even greater. In view of such professional attacks, the security of payments is at the top of the agenda once again.

How to enhance EBICS, Part 8 – Preventing double submissions using EBICS tools: What’s going on?

It happened in a blink. The payment orders were accidentally transferred to the bank twice via EBICS. Nobody noticed. A number of such error cases are possible:

  1. A payment was entered and sent twice in the order input.
  2. The file with the payment orders was transferred again – for the second time.
  3. For technical reasons, the payment file was transferred twice because the transfer status of the first transfer was not clear.

A double submission is basically a case of a customer submitting a payment or file with identical data to the bank again within a defined period of time. However, is an identical submission always a double submission that generally must be rejected? No, because some payments are deliberately prepared and transferred multiple times by the submitter.


Patrik Giger, Head Payment Connectivity Services, UBS Switzerland AG

For the fifth time in a row, UBS was named “Best Domestic Cash Manager Switzerland” in the Cash Management Survey 2015 conducted by Euromoney. This success is a result of many years of focussing on customers’ needs and optimal product and service quality.

One component of this range of services is the infrastructure for connecting customer systems directly, for which an interface based on proprietary data exchange has proven itself over the years. This direct connection is used by customers in Switzerland. Internationally, customers mostly use a connection via SWIFT for Corporates or multi-bank services to exchange payment data and reports with their financial institution. 

It is already possible now for UBS customers to execute their global financial transactions securely – in particular for international branches. A major goal of the new infrastructure is to make the connection to financial institutions more secure, convenient and standardised.


EBICS and TLS 1.2 – somewhat more secure but not without its snags

Curd Reinert, Project Manager EBICS-Kernel, PPI AG

Anyone looking at the EBICS specification might be surprised to learn that it still prescribes version 1.0 for the Transport Layer Security (TLS). At one time that was a very wise choice – when the EBICS specification was published, TLS 1.0 was the latest technology. So this was mainly a decision against SSL, which put manufacturers and operators in a nice position e.g. concerning POODLE. EBICS ruled out SSL and so EBICS applications were safe from POODLE. It wouldn’t have had much of a chance with an EBICS client anyway: the attacker makes the client send thousands of requests to the HTTPS server so that, for example, it can access the session cookie. But EBICS doesn’t use session cookies, and the clients aren’t web applications that would execute malicious JavaScript code to send thousands of requests. But try explaining that to the auditors!
