High-availability payment transactions with EBICS and SWIFT

European inter-bank payment transactions move several trillion euros a day. This gigantic volume is processed bilaterally via national and European clearers such as TARGET2, STEP2 and SEPA-Clearer. The unobstructed flow of money is essential for the economy and for our entire way of life. For this reason, the IT systems involved are highly security-critical. Only the redundant use of the two transport protocols EBICS and SWIFT provides the necessary high-availability transport.


Astonishingly, the redundancies required are not applied consistently in the overall process. High availability is usually enabled by redundant in-house systems. However, a single point of failure remains: the electronic transport procedure; this must also be designed redundantly for system failures.

SWIFT and EBICS are the most widely-used transport protocols in international payment transactions. They guarantee high transfer security and a large volume – the two prerequisites for a dual-transport strategy. Additionally, the systems must be independent of each other. This is only fulfilled by a dual-vendor strategy. Therefore, the key to high availability is the combination of a dual-vendor strategy and a dual-transport strategy.

The dual-vendor strategy is already being used in highly security-critical scenarios to increase the failure safety. This rules out the manufacturer’s system from being the single point of failure.
Let us consider the dual-transport strategy with SWIFT and EBICS: The network topologies of the two transport protocols are complementary:

SWIFTEBICS
TopologyStar-shapedIntermeshed
ManagementManagedSelf-managed
FailureCentralSelf-healing
Mode of transferCableCable and satellite

With EBICS, failures are resolved through self-healing, i.e. the data is rerouted automatically. With SWIFT, on the other hand, the star-shaped network is managed centrally. This complementarity is an advantage in the case of failures, as it inherently rules out a single point of failure. Due to the dual-vendor strategy, SWIFT and EBICS are independent of each other and are therefore predestined for the dual-transport strategy.

In the case of a failure, with EBICS the bank or clearing company can influence the technical transfer path. If the terrestrial lines are down, they can switch to radio or extra-terrestrial systems, i.e. to satellites. The entire populated globe can be reached via satellite. This is an advantage of EBICS over managed networks such as SWIFT.

But how does this look in practice? Considering the risks of inter-bank payment transactions, the combination of the dual-transport strategy with EBICS and SWIFT and the dual-vendor strategy is appropriate. Therefore it comes as no surprise that services such as STEP2 from EBA Clearing and the SEPA-Clearer of the German Bundesbank offer both EBICS and SWIFT as well as the dual-vendor strategy. It will soon be possible to switch between the two transport protocols in the background. German banks and one French bank are already using EBICS and SWIFT to minimise the damage caused by failures. Additional European and also American banks are sure to follow.
However, it is astonishing that the authorities have not entered this field as yet. The consequences of a failure would be incalculable.

Michael Lembcke
Reactions:

0 comments:

Post a Comment