Why banks should phase out older versions of EBICS

Do you have any idea how many versions of EBICS are available? Do you know the status of your EBICS client? Which versions does the banking server allow? This article summarises the situation and explains how a proliferation of versions affects users.


EBICS came into official use in Germany on 1 January 2008, with version 2.3. Before that, some financial institutions had offered EBICS services using version 2.0 onwards. The first version developed jointly with France was 2.4, of which the final release 2.4.2 has been in use since 16 February 2010. The latest version of EBICS is version 2.5 of 16 May 2011, which is mainly offered by financial institutions in Germany and Switzerland. A new version, 2.6, is currently being prepared, likely for 2016. If we count all the versions that have been released and for which there have been implementations for banking servers and client systems, we come to a total of six (not including 2.6, which is yet to come).

Customers and banks need to use the same version of EBICS

The EBICS protocol is based on XML structures. New EBICS versions are characterised not only by new features and changes to the content, but also by a new version of the XML schema. Using the HEV job type, which is based on the neutral H000 schema version, EBICS client systems can query the versions supported by the banking server and, once compatibility is established, continue communicating using the latest shared version. This means the EBICS banking server and the EBICS client system can only communicate without errors if their dialogue takes place using the same EBICS version. If too many versions are supported, there is a greater risk of the communication partners not having a version in common. In that case, data cannot be exchanged.

At the very least, an EBICS banking server which always supports every possible EBICS version would need a lot of maintenance. As well as this, all the improvements in new versions, including important security functions, would be undermined by the use of older versions. For this reason, when EBICS was specified it was agreed that banks should only have to support the latest EBICS version and its immediate predecessor.
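The HEV version query and the "latest version plus immediate predecessor" rule described above can be checked together, as in this added example (not code from the article or from any EBICS product). The HEV response is a constructed sample, the function names are hypothetical, and the server's highest offered version is assumed to be the latest one.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.ebics.org/H000}"  # neutral schema version used by HEV

# Constructed sample HEV response, not captured from a real banking server.
SAMPLE_HEV = """<ebicsHEVResponse xmlns="http://www.ebics.org/H000">
  <SystemReturnCode>
    <ReturnCode>000000</ReturnCode>
    <ReportText>[EBICS_OK] OK</ReportText>
  </SystemReturnCode>
  <VersionNumber ProtocolVersion="H002">02.30</VersionNumber>
  <VersionNumber ProtocolVersion="H003">02.40</VersionNumber>
  <VersionNumber ProtocolVersion="H004">02.50</VersionNumber>
</ebicsHEVResponse>"""


def server_versions(hev_xml):
    """Map each offered version, as (major, minor), to its schema id."""
    root = ET.fromstring(hev_xml)
    code = root.findtext(f"{NS}SystemReturnCode/{NS}ReturnCode")
    if code != "000000":
        raise ValueError(f"HEV request failed, return code {code}")
    offered = {}
    for el in root.iter(f"{NS}VersionNumber"):
        major, minor = (el.text or "").strip().split(".")
        offered[(int(major), int(minor))] = el.get("ProtocolVersion")
    return offered


def negotiate(server, client):
    """Latest version both sides support, or None if there is no overlap."""
    shared = set(server) & set(client)
    return max(shared) if shared else None


def outside_policy(server, keep=2):
    """Versions still offered beyond the newest `keep` (latest + predecessor)."""
    ordered = sorted(server)
    return ordered[:-keep] if len(ordered) > keep else []


if __name__ == "__main__":
    server = server_versions(SAMPLE_HEV)
    stale_client = {(2, 30), (2, 40)}  # constructed: client never updated to 2.5
    print("negotiated:", negotiate(server, stale_client))
    print("candidates for phase-out:", outside_policy(server))
```

Run against the sample, the stale client settles on 2.4 even though the server offers 2.5, and 2.3 is reported as a version the bank could stop supporting.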

Updates are missed – and that poses risks

In practice, things can be different. Partly through unawareness, customers fail to update their EBICS system to the latest version. Banks fail to notify their customers and continue to allow them to use older versions of EBICS. They lose track of the situation and the risks described above increase.
This is why we recommend that financial institutions keep an eye not only on their own EBICS versions but also the ones used by their corporate customers, and remind their customers to update them in good time. The financial institutions should deliberately stop supporting older versions and even phase them out completely. Corporate customers themselves should make sure they always have the latest EBICS software versions and plan regular updates.

It is important to keep track of the EBICS versions used and to minimise the risks by updating regularly. Next year, it will probably be time for EBICS 2.6.