High-availability payment transactions with EBICS and SWIFT

European inter-bank payment transactions move several trillion euros a day. This gigantic volume is processed bilaterally via national and European clearers such as TARGET2, STEP2 and SEPA-Clearer. The unobstructed flow of money is essential for the economy and for our entire way of life. For this reason, the IT systems involved are highly security-critical. Only the redundant use of the two transport protocols EBICS and SWIFT provides the necessary high-availability transport.


Astonishingly, the redundancies required are not applied consistently in the overall process. High availability is usually enabled by redundant in-house systems. However, a single point of failure remains: the electronic transport procedure. This must also be designed redundantly to withstand system failures.

SWIFT and EBICS are the most widely used transport protocols in international payment transactions. They guarantee high transfer security and a large volume – the two prerequisites for a dual-transport strategy. Additionally, the systems must be independent of each other. This is only fulfilled by a dual-vendor strategy. Therefore, the key to high availability is the combination of a dual-vendor strategy and a dual-transport strategy.

The dual-vendor strategy is already being used in highly security-critical scenarios to increase resilience to failure. This prevents a manufacturer’s system from being the single point of failure.

Let us consider the dual-transport strategy with SWIFT and EBICS. The network topologies of the two transport protocols are complementary:

Characteristic    SWIFT         EBICS
Topology          Star-shaped   Intermeshed
Management        Managed       Self-managed
Failure           Central       Self-healing
Mode of transfer  Cable         Cable and satellite

With EBICS, failures are resolved through self-healing, i.e. the data is rerouted automatically. With SWIFT, on the other hand, the star-shaped network is managed centrally. This complementarity is an advantage in the case of failures, as it inherently rules out a single point of failure. Due to the dual-vendor strategy, SWIFT and EBICS are independent of each other and are therefore predestined for the dual-transport strategy.

In the case of a failure, with EBICS the bank or clearing company can influence the technical transfer path. If the terrestrial lines are down, they can switch to radio or extra-terrestrial systems, i.e. to satellites. The entire populated globe can be reached via satellite. This is an advantage of EBICS over managed networks such as SWIFT.

But how does this look in practice? Considering the risks of inter-bank payment transactions, the combination of the dual-transport strategy with EBICS and SWIFT and the dual-vendor strategy is appropriate. Therefore it comes as no surprise that services such as STEP2 from EBA Clearing and the SEPA-Clearer of the German Bundesbank offer both EBICS and SWIFT as well as the dual-vendor strategy. It will soon be possible to switch between the two transport protocols in the background. German banks and one French bank are already using EBICS and SWIFT to minimise the damage caused by failures. Additional European and also American banks are sure to follow.
However, it is astonishing that the authorities have not entered this field as yet. The consequences of a failure would be incalculable.

Michael Lembcke

EBICS as the European standard for mobile payments?

With all the developments currently taking place in mobile payments, it's easy to get lost. New solution providers are almost sprouting like mushrooms and there's a whole maze of technical standards. In a growing field of business, banks risk being left behind. Could a European standard such as EBICS be an answer?


The same rules apply for mobile payments as for transaction-based EBICS payments: there has to be secure communication, unique authentication and the confidentiality of order and master data. In the case of mobile payments this means a “secure element” (SD card, SIM, HCE, etc.) and coverage of the various transfer techniques (QR code, barcode, NFC, BLE, etc.). At the moment, there seem to be no rules in place, with all types of players entering the market. From large credit card providers and hardware producers (Apple, Samsung) to specialised service providers – they are all currently vying with the banks for transferring payments. For banks the task is very challenging because institutions will be able to opt for some services but not all.

For uniform and secure payment transactions, app developers and clients would need a standard protocol such as EBICS or FinTS. Such standards are well established in the rest of the payments sector. And with rules set out with ISO 20022 and SEPA, it'd be possible to reach around 400 million European account holders immediately. The first standards for mobile payments are provided, for example, by Jiffy from SIA Italy, a solution based entirely on SEPA.

This would also be beneficial to consumers and banks in that no third parties with transaction fees are involved, as is particularly the case with credit card payments – and additionally with Apple Pay. The institutions would regain control of the market. Organisations such as the European Payments Council (EPC) could introduce and refine the standard in Europe.

Perhaps it's pushing it a bit, calling EBICS the standard for mobile payments, because EBICS has been developed primarily for asynchronous processing. However, my fellow bloggers have already pointed out where there is potential to extend EBICS here: interactions would have to be performed in real time. One synchronous response per single transaction would be necessary. If, in the near future, real-time clearing also becomes established throughout Europe, this might all be worthwhile. I wonder what your feedback will be.

Carsten Miehling