The digital euro - more questions than answers?

The European Central Bank will be taking a close look at digital currencies in the coming years. The design options are manifold and raise questions.

This month (Oct. 2021) is set to kick things off. The European Central Bank (ECB) is launching a two-year analysis project to assess what the design of the digital euro might look like. The outcome of the analysis phase will be a decision on whether and in what form the ECB will provide the digital euro.

However, it is clear from previous discussions and publications: the digital euro will have few parallels to functions of current private cryptocurrencies. Blockchain infrastructures and their advantages are barely considered in the context of the digital euro. The European Central Bank will focus on alternative approaches to cash and the impact on the monetary system.
The (implementation) scenarios are nevertheless diverse, leaving room for exciting discussions. Potential forms and effects need to be understood and evaluated in depth.

The key questions below can serve as an initial baseline:

  • What added value and use cases are generated for the various stakeholders?
    • Financial institutions, payment service providers, private individuals, commerce, industry, European Central Bank
  • What does the technical design of the digital euro look like?
    • Will the digital currency be built on an account or token infrastructure?
    • How will value be transferred between the participating parties?
    • Will users be provided with a digital product only?
  • How will usage for private individuals be designed?
    • How will anonymity be ensured?
    • Will there be limits on the amount that can be used and deposited?
    •  …
  • How and by whom will onboarding and provision be carried out?
    • What regulatory requirements will arise?
    • How will financial institutions and payment service providers be involved?    
    •  …


Even though the analysis project is just starting, many trends can already be identified. PPI is following this topic with great enthusiasm and has already drawn up a number of theses on these questions. We will share and discuss them with you in the coming weeks.

Author: Philipp Schröder


Faster and easier – automation progress for setup of EBICS bank access

EBICS payments are becoming more and more widespread in Europe. Most recently, Austria has also committed to the secure standard for corporate payments. However, the highest level of security requires the compliance with the standard and a thorough verification when establishing the digital business relationship. During the first initialisation of the EBICS bank accesses, a few steps define the process: the EBICS client generates a user bank key during the initialisation of an EBICS bank access, which is then sent to the bank server. In addition, a letter signed by the user with the public bank key is sent to the financial institution for personal identification and verified there. If everything is correct, the financial institution releases the set-up bank account and sends the user a welcome letter containing a rather long hash value for comparison. The users enter their hash value manually in the configuration mask of the EBICS client.

 
Of course, a successful key activation requires that the hash value be typed without errors. The paper letter ensures "separate channels" of processes but is perceived by many users as very tedious and time-consuming. And the final activation process by the financial institution may take a few days before the user can finally use the EBICS bank access in the EBICS client.


Is it not possible to do this in a more easy and quick way to relieve the user? 


Financial institutions that operate corporate web-based applications can take advantage of the trust that is placed in them. They can store the hash values of the different EBICS banks that they already know in their web application and thus make them usable for all their customers. Unknown or incorrectly stored hash values are ignored and the activation of the user remains as it was. 


The manual entry of the hash values of each EBICS bank account by the user can thus be omitted. As soon as the users have initialised themselves at their bank accesses and have been activated by the financial institution, the hash values of the public EBICS bank keys are automatically downloaded and compared with the stored values in the background. If this check is successful, the assigned order types of the user can be automatically downloaded via HTD. The user can use the bank account immediately after downloading the order types. This saves time and is easy on the user's nerves by eliminating the need to enter the hash value, which can be up to 32 characters long.

All this was realised in TRAVIC-Port with the version 4.6 by PPI AG and is in use with the first operators.


As of version 4.6 of TRAVIC-Port, when using the additional licence the final steps in the initialisation process for hash value matching are automated.

The acceleration and simplification of these processes are well received by users. The initialised bank access continues to secure corporate payments with all the benefits of the EBICS standard. And for financial institutions this represents a further step in the acceleration of processes through automation in corporate payments.

Author: Christian Veith


Card payments in times of a pandemic

"The tide lifts all boats, even those with holes in the hull" – thus goes a German stock market saying, verbatim.
In our case, of course, this does not refer to any catastrophic flood scenario, but rather to positive exogenous effects on payments and an entire industry.
 
The last year and a half of the global pandemic was just that for card-based payments – a tide lifting up almost all parties involved. Transaction figures for card payments went through the roof; some even say that food retailing in particular had four Christmas seasons. Especially the girocard, which is preferred by many Germans, has benefited from this. The number of transactions increased by 4.7% in the first half of 2021 compared to the same period in the previous year, while total sales increased by 2%. The girocard was thus used considerably more, while shopping cart sizes did not change significantly. (1)

The same is true for the increasing prevalence of contactless payments. While the card schemes and issuers have spent years and enormous sums of money promoting the use of the NFC function of cards and reducing customer inhibitions, the pandemic has pushed its popularity to a "new normal" in one fell swoop. As many as 64% of all girocard transactions were contactless in the first half of 2021.1 Customers have finally understood this long-established function and made it a de facto standard – no amount of advertising could have achieved this in such a short time.

The development of the enormous increase in girocard transactions is exciting to observe insofar as there are more and more institutions that are questioning the previous co-badging strategy (i.e. girocard in combination with V Pay/Maestro) and in some cases are moving entire portfolios to the native debit solutions of the major card schemes (Mastercard/Visa Debit). This transformation in the German card market will essentially continue over the next few years and, in the long term, challenge the dominance of the girocard in Germany. With this in mind, it will also be interesting to observe to what extent the acquiring market in Germany – so far dominated by the large network operators – develops.

An important driver in this context is a European payments initiative currently being promoted in Germany. EPI (European Payments Initiative) is intended to provide a pan-European card solution that will enable payments in stationary trade and e-commerce within the European domestic market across borders and independently of international schemes. The current plan is to connect existing national card systems and ideally roll them out in all European countries. EPI is focusing on instant payments as the new European standard and would like to offer a mobile wallet in addition to the card solution. However, leaving Europe in the future will then mean relying on the global brands once again.

If we look at e-commerce, a similar picture presents itself: in Germany, the newly merged payments solutions paydirekt and giropay as well as Kwitt and girocard have been bundled under the "#DK Initiative" in order to present a powerful payments solution. The challenges are similar to those of EPI and success is only realistic if the different interests of many parties can be united.

All these initiatives and changes to the existing systems are continuously challenged by new FinTechs that occupy relevant niches in payments. Here, socially relevant topics, such as the recent "True Name" on credit cards, are also being implemented quickly and with effective advertising.

In summary, it can be said that the pandemic has so far proven to be an accelerator of many existing developments in card-based payments and has triggered changes that will shape the industry for years to come. It remains to be seen whether the specific effects of the pandemic will be followed by the gradual stabilisation of a "new normal" or whether the rapid transformation will continue and lead to fundamental changes in the market.

Authors: 


Sebastian Litschke 

Jonathan Kutkuhn 

(1) girocard mid-year figures 2021 (German): https://www.girocard.eu/presse-mediathek/pressemitteilungen/2021/girocard-halbjahreszahlen-2021/

More convenience for EBICS customers

When it comes to making things more convenient for corporate customers using the EBICS protocol, there are a few hurdles to overcome. The first challenge is configuring the communication parameters to reach a desired EBICS bank server, the next is the complicated exchange of EBICS keys via INI letter and bank key activation.

If we as customer product manufacturers could get help from the EBICS Company for the first task, i.e. the configuration of the communication parameters, we would quickly be able to make the second task, the key exchange process, much easier for users of the EBICS protocol.   

 This scenario could be implemented quickly by the EBICS Company providing authorised and registered manufacturers with a list of all EBICS banks, their technical access and host ID, and the last known bank key as a hash value. Then the customer product manufacturers could integrate the provided values into their EBICS customer applications and considerably simplify the configuration of the technical EBICS access for users. User input errors with lengthy support requests would be a thing of the past and users would have one less hurdle to overcome to use EBICS.

With the data provided by the EBICS Company, the verification of bank keys in customer products could also be simplified. This would reduce the complicated process of EBICS key submission and bank key checks to a minimum. Indeed, it is conceivable that customers would then receive an activation within a few minutes and could immediately begin using EBICS communication. The effort required to activate the EBICS access would then be comparable to the activation of online banking for private customers.
Dear EBICS Company, would you consider creating an EBICS bank list? Like the one DK has been providing in a similar form for FinTS bank servers for years?  

Author: Michael Schunk

Request to Pay – the economy needs this standard

On 15 June 2021, the new European standard for electronic payment requests Request to Pay (RTP) transformed from a theoretical construct to a practical reality. On that day, the SEPA Request to Pay (SRTP) rulebook came into force. The Euro Banking Association (EBA) in particular had been working hard on the project. It is only understandable that the organisation also wanted to know whether there are many companies in the economy that want to use RTP in the near future. In September 2020, EBA launched a large-scale survey of companies across Europe with PPI as a partner. The results recently published under the title "Request to Pay: What Corporates Want" are not surprising in their tendency, but in their consistency. Almost 100 per cent of the companies are interested in using the standard. What is important for them above all is uniform usability throughout Europe. Not surprising – after all, 70 per cent of the companies surveyed also want to use RTP for cross-border payments.

The main part of the survey revolved around the companies' assessments of the use of RTP in the fields point of sale (POS), e-commerce, e-invoicing and recurring payments. Here, too, attitudes towards the standard were clearly positive across the board. In all the areas surveyed, over 80 per cent of participants could at least imagine using RTP. In the area of e-commerce, the quota was even over 90 per cent.

At the same time, the EBA and we wanted to know what could make RTP even more attractive for companies. The answers revealed a number of possible improvements. The main aspects are standardisation of procedures, offering value-added services, end-user acceptance, risk management and clear prospects for the future. 

The latter also includes the most frequent requests for additional features: quickly achieving a high market penetration, integration into standardised, fully automated processes that are, for example, embedded in ERP systems, as well as use in combination with instant payments or other payment guarantee options. Of course, no vendor wants to let a customer leave with the goods if they do not have the money yet. If, however, buyers had to wait until the corresponding amount was credited to the seller's account, the acceptance of RTP, especially at the point of sale, would probably be close to zero. In this case, it might be necessary to examine whether the notification of the accepted or instructed RTP can be designed as a legally binding payment guarantee.

The companies surveyed see an additional benefit in the possibility to include structured remittance information in the data record. This facilitates the allocation of incoming payments to specific transactions within a goods management system and is a prerequisite for fully digitalised, largely automated invoicing and payment processes. Furthermore, companies see RTP as a good opportunity for significantly more direct downstream communication between sellers and buyers of goods and services: for example, 43 per cent can imagine transferring warranty or return information with the data record.

In total, companies from 20 European countries took part in the survey, two thirds of which generate a turnover of 50 million euros or more. A download link to the free final report "Request to Pay: What Corporates Want" as well as further information on RTP can be found here: https://www.ppi.de/en/payments/request-to-pay/success-story-eba-request-to-pay-survey/

Authors: Eric Waller, Anuschka Clasen

EBICS 3.0 in the home stretch

By 22 November this year at the latest, the time will have come. From that day on, German payment service providers are obliged to offer their corporate customers EBICS 3.0, to be precise EBICS 3.0.1, alongside the previous version 2.5. For Switzerland, SIX has also issued a recommendation for the support of EBICS 3.0 from November 2021, and in France, EBICS 3.0 can already be officially offered by financial service providers since January 2018.

The Deutsche Bundesbank has announced that it will switch completely to EBICS 3.0 from 22 November 2021 for a transitional period of one year. EBA CLEARING has a similar position regarding its EBICS services.

What does the EBICS changeover mean for all those involved in EBICS?

Financial institutions and financial service providers are preparing for November 2021. EBICS 3.0-capable systems are already in use in many cases. It is possible that EBICS 3.0 has merely not yet been activated.

For the transition period from EBICS 2.x to EBICS 3.0, the specified or agreed BTF and order type mappings must be stored on bank side and corporate customer side. They can be discontinued later if no order types or FileFormat parameters are specified for new EBICS business transactions in the future. 

All parties should consider the crypto life cycle (see crypto life cycle on https://www.ebics.org/en) for EBICS before migrating to EBICS 3.0. This includes minimum key lengths, key procedures, and TLS requirements that must be met. Due to the key procedures it defines, EBICS 2.3 will automatically expire on 22 November.

All this requires the latest EBICS software. Corporate customers should therefore arrange for an EBICS 3.0 update of their EBICS clients at an early stage so that they can react to the EBICS changeover of the financial institutions. In order to avoid a time-consuming reinitialisation, corresponding EBICS and key updates should already be completed on client side before the bank-side shutdown of key procedures and lengths as well as EBICS versions. The key updates may be required to migrate to EBICS 3.0.

Since the text-based customer protocol (order type PTK) is no longer specified for EBICS 3.0, financial institutions may no longer offer it for EBICS 3.0. If the customer protocol monitoring of corporate customers is still based on the PTK, an early changeover to the XML-based HAC is recommended for them.

Corporate customers can also look forward to a few new functions that EBICS 3.0 provides. These include the technical double submission check, the optional specification of the original file name when uploading and the EDS flag (EDS= electronic distributed signature), with which the corporate customer can directly control whether the submitted order should undergo the EDS process or be checked directly. 

Those are some of the relevant points that I would like to share with you to help you cross the finish line successfully. Ultimately, it is important to be prepared for the approaching EBICS changeover and to take the necessary precautions.

And what about you? Have you already started your final sprint to EBICS 3.0?


Author: Michael Lembcke

Request to Pay – a revolution without revolutionaries?

Technically, the European payments market could be in a mood for celebration - after all, the first concrete regulation for a pan-European electronic payment request came into force on 15 June 2021. The SEPA Request to Pay (SRTP) Scheme Rulebook defines the parameters for all participating financial institutions. Once this system is set up, companies simply send their customers a digital data record with the details of the payment request. The payers can transfer the included information such as IBAN, sum or remittance information into their banking system with a mouse click and then only have to authorise the transaction. 

Few reactions

Experts see RTP as a potential revolution in the European payments market. However, the participants for the revolution have been lacking so far. Efforts to launch products based on RTP are hardly discernible. The question arises as to the reason for this reluctance. Are financial institutions worried about a lack of demand? Is the implementation too complicated or too expensive for them? And what can help financial institutions if they want to launch SRTP products?

There is no lack of interest

The demand is there among the ultimate addressees, i.e. the private and corporate customers of the banks, at least on the business customer side. A survey by the European Banking Association (EBA) in cooperation with PPI clearly shows this. Regardless of which potential application scenario European companies were asked about, the willingness to use RTP in their own company was generally well over 80, sometimes over 90 per cent.

Manageable effort

Of course, a new payments standard does not come for free and cannot be implemented overnight. If a corresponding project is approached with the classic waterfall methodology, a duration of 18 to 24 months is to be expected. With modern means such as agile development, however, this period can be shortened. The key is to have a clear strategic idea of what an RTP product should be able to do. Furthermore, it must fit into the long-term business plans of the financial institution. The actual costs depend on the specific circumstances. But they are likely to be similar to those of an instant payments introduction. Institutions that have already introduced this service have advantages, because some of the important aspects for RTP have already been taken care of. They then only have to apply about 30 to 40 per cent of the mentioned cost framework.

In any case, the investment should pay for itself quite soon. After all, RTP products and services strengthen customer loyalty and can help institutions win back market shares. Especially since at least no major player has yet announced plans to enter the RTP market. 

Launch the first projects soon

Financial service providers should definitely take advantage of this. Minimum Viable Products (MVP) are suitable for a quick market entry. An alternative is cooperation with one or more business customers. Companies in particular should have a strong interest in RTP, as the use of the standard can save considerable sums in billing process costs.

Sooner or later, an entire product world will emerge around RTP – that much is foreseeable! Institutions that enter the new market early on can look forward to this development with joyful anticipation. We are happy to support financial service providers with the implementation. We have summarised the basics in the latest white paper "How Request to Pay becomes a success story for financial service providers", which is available for free download here.

Authors: Eric Waller, Anuschka Clasen