EBICS and TLS 1.2 – somewhat more secure but not without its snags

Curd Reinert, Project Manager EBICS-Kernel, PPI AG

Anyone looking at the EBICS specification might be surprised to learn that it still prescribes version 1.0 of Transport Layer Security (TLS). At one time that was a very wise choice – when the EBICS specification was published, TLS 1.0 was the latest technology. So this was mainly a decision against SSL, which put manufacturers and operators in a nice position, e.g. concerning POODLE. EBICS ruled out SSL and so EBICS applications were safe from POODLE. It wouldn’t have had much of a chance with an EBICS client anyway: the attacker makes the client send thousands of requests to the HTTPS server so that, for example, the attacker can access the session cookie. But EBICS doesn’t use session cookies, and the clients aren’t web applications that would execute malicious JavaScript code to send thousands of requests. But try explaining that to the auditors!


EBICS on the Iberian peninsula

In 2014, the majority of Portuguese banks opened an EBICS channel based on version 2.4.2 of the protocol. Only the T profile is really used at the moment; however, many companies would like to use the personal signatures that foreshadow the operation of the TS profile in the short term.

At the moment, very few Spanish banks offer their business customers the option of managing their financial transactions by means of the EBICS protocol. However, demand is getting more and more significant, as demonstrated by the presence of several participants at an event organised in Madrid by the Spanish Association of Corporate Finance Officers and Treasurers (ASSET) on 20 January.


Internationally in harmony with EBICS BTF

Sabine Wenzel, EBICS Secretary, EBICS SCRL

In 2010, the French CFONB and German DK banking authorities created a joint EBICS committee. One of its visions is to harmonise EBICS. The different procedures that already existed in these countries influenced the EBICS specification and are making it more difficult to implement EBICS. Germany and France use different approaches for the (short) identifiers for business transactions and for the formats to be used. This topic was given further momentum when Switzerland joined the EBICS SCRL. A harmonisation project was initiated with the goal of a standardised procedure for all of EBICS. This consolidation is known as EBICS BTF.


EBICS – Opportunities to internationalise

Thomas Stosberg, GTB Product Management, Deutsche Bank AG

After Germany and France, Switzerland is the third country to join the EBICS community, taking the internationalisation of EBICS a step further. Has EBICS got the potential to become an international standard and is this in the interest of customers and banks?

How to enhance EBICS, Part 7 – Automatic bank key update: Is this even possible?

According to the EBICS specification, data is always transferred signed and encrypted. This applies to both directions of communication: customer > bank and bank > customer. In Germany, there are theoretically no limitations on the validity of the keys used for this. In France, at least the validity of the certificates is limited. For security reasons, it is absolutely necessary to renew the keys regularly. For the customer side, EBICS already provides functions for an automated key change for an EBICS user that has been initialised. However, the automatic renewal of bank keys is more difficult in practice. A “soft key change” is one solution.

SIBOS 2015: Payments in motion

© SWIFT


At SIBOS in Singapore, SWIFT traditionally has the starring role and EBICS plays a supporting one. Nevertheless, there was great interest in the use and the future development of EBICS. More than 8000 visitors came to the exhibition at the Sands Expo and Convention Centre. This made SIBOS in Singapore the biggest event in Asia and the second largest in the world. The prevailing topics show that there are going to be even more major changes in payments.

Migration of payment transactions in Switzerland: genuine end-to-end tests with EBICS

Banks in Switzerland are working hard on projects to implement the harmonisation of Swiss payment transactions in accordance with ISO 20022. Software manufacturers and corporate customers demand opportunities to test the new payment formats. What they are looking for is an end-to-end testing scenario that optimally reflects real-life processing by the bank. Very few banks in Switzerland can offer this type of test. This is where EBICS can help.


How to enhance EBICS, Part 6 – Unique identification of the acting person

Is it possible for a payment order that actually has to be authorised by two different persons in EBICS to be released by only one person? Yes, under certain circumstances this is possible. For certain contract constellations between the financial institution and the corporate customer, it is not possible to uniquely identify the acting person.

What about EBICS in Morocco?

The rise of EBICS in Europe hardly needs to be demonstrated any longer. But what about its development outside the borders of the European Union? There is one continent that to me seems perfectly suited to the adoption of a modern, high-performing and universal protocol for final flow exchanges such as EBICS: Africa. To be more precise, Morocco is the first place I think of, for reasons explained below.


The Luzerner Kantonalbank AG offers corporate customers advanced solutions for EBICS and ISO 20022

Raphael Häfliger, Cash Management Services, Luzerner Kantonalbank AG

Since 2014, the Luzerner Kantonalbank AG (LUKB) has offered the EBICS communication standard in Switzerland, thus positioning a comprehensive service for professional payment transactions on the market. After the successful introduction of EBICS, it’s now time for the next step: As the first financial institution on the Swiss financial market, from autumn 2015 the LUKB will begin with the pilot phase of the launch of the “distributed electronic signature” (VEU).
