EBICS – on the way to the European market standard

Axel Weiß, Chairman of Board of Directors EBICS

Since 1995, corporate customers in Germany have handled payment transactions securely with every bank via a standard product and an electronic signature.
As early as 2003, work began on enhancing the DFÜ Agreement with an internet-based version. This variant of the DFÜ procedure was called EBICS (“Electronic Banking Internet Communication Standard”). With this extension, the German banking industry met the requirement of customers and institutes for internet-based solutions in electronic banking.

The objective of this extension was to add internet protocol based transfer options to the uniform, multi-bank-capable bank standard “DFÜ with customers”, and thus extend the related range of application options. Current security mechanisms such as HTTPS are used here, with additional strong authentication to secure the communication.
EBICS is characterised by the following features:
  • one standard for all banks and customers, i.e. corporate customers can use one software to access any bank that offers EBICS
  • open standard, i.e. corporate customers can use standard products or individual software
  • modern technology and license-free international standards such as XML, HTTPS, TLS, ZIP
  • the highest security standards, e.g. encryption on the transport level and end-to-end
  • one means of transport for all business processes such as direct debits, bank transfers, bank statements, cash management, stock orders and much more
  • inclusion of service providers via multi-step signature concept
  • approval of orders regardless of location
  • the price and performance determine the competition, not the technology and the effort involved in changing the bank
Besides customer-bank communication, EBICS is used in Germany and increasingly in other EU countries for the secure, very cost-effective exchange of payment transactions between banks. Not least, the provision of a delivery channel for EBICS transactions at EBA Clearing led to a significant increase in the number of inter-bank transactions via EBICS, with around five per cent of all SEPA transactions processed by EBA Clearing now being processed via EBICS communication. As well as being used in the bilateral clearing of payments, EBICS is increasingly also being used as a backup solution to the existing communication channels, such as those provided by SWIFT.

In 2003, the English term “EBICS” was chosen to underline the desire to not only use this communication standard on a national level, but also to provide an alternative to existing approaches on European level for banks and their customers.

In Germany, banks were already obliged to support EBICS from 1 January 2008 onwards. The old FTAM standard has now been completely replaced by EBICS.

In 2008, a cooperation agreement about EBICS was made between Germany and France. The French banking industry, having conducted a comprehensive make-or-buy analysis, had recognised in advance that EBICS most comprehensively covers the requirements of French banks and their customers, and thus had the greatest potential to replace the ETEBAC communication standard used up to this point. It quickly became obvious to the participating banks and associations that the legally secure use of EBICS by all users would be achieved by establishing a joint EBICS company. The purpose of the EBICS company lies primarily in the further development and maintenance of the EBICS standard and keeping the trademark.

After intensive negotiations between the German and French banking industries, the EBICS company was founded in June 2010. In setting up the EBICS SCRL based on Belgian law, close attention was paid to making the community non-profit-oriented and very lean, with minimal running costs. Additionally, it was ensured that the company is open to other banks interested in EBICS.
The establishment of the company therefore created the basis for the Europe-wide usage of EBICS and its further development into a European market standard. In April this year, the declaration of membership of the SIX Interbank Clearing as the representative of the Swiss banking industry marked a further important step toward the Europeanisation of EBICS.

The declared aim is now to convince banking industries in other EU countries of the benefits of using, and in particular co-designing, EBICS – the doors are wide open to new participants in the EBICS community.

Axel Weiß

EBICS and mobile payments in France

In the “EBICS – a European standard for mobile payments” series, we will examine the situation in France.
A mobile solution allowing all users to sign for transactions remotely – in compliance with the EBICS TS protocol – would satisfy the requirements of the increasing number of “nomadic” signatories who are hoping that mobile banking with EBICS will soon finally become a reality.

This is on condition, however, that the solution is sufficiently flexible, meaning that it works on as wide a range of mobile phones and tablets as possible, regardless of their operating system (offering at least iOS, Android and Windows Mobile) and that it offers the same level of security as the EBICS TS signature software for PCs that is already used by thousands of signatories daily.

Mobile applications have certainly come of age courtesy of this or that editor, but they remain unsatisfactory and therefore little used since they don't possess the necessary flexibility or ease of use. Let us remember that, in order to conform to the specifications described by the CFONB in the implementation guide, each signature needs to have a personal signature certificate on a physical carrier delivered by a CA recognised by the bank. And that is what it is all about, because although it is possible to connect a USB token to certain tablets, it is still impossible to do so with all mobile devices, regardless of the brand. Or, if it is possible, it involves large and varying fees for adaptors and connections, may or may not work well and, worst of all, forces users to turn their device into a labyrinthine system, which dissuades even those with the best will in the world from using it regularly.
Furthermore, it seems neither reasonable nor opportune to oblige signatories to obtain an additional smartphone or tablet whose token connection is sufficiently convenient to be used whenever necessary.

One solution would be to replace the use of a physical carrier for storing the certificate with an ad hoc certificate for one-off use. But, apart from the fact that this would require the indispensable agreement of the CFONB, it would be necessary to re-register the certificate with a CA for each use, which would negate the flexibility of the system and thus its appeal.

This leaves the problem of the absence of standardisation for the distributed signature process, such as that enjoyed by our neighbours across the Rhine in the form of the Distributed Electronic Signature (VEU). Although it is regrettable, the fact that EBICS DS has not yet been realised does not mean that we cannot offer a coverage service that is functionally equivalent: one that allows travelling signatories to confirm orders before they are carried out. This management of signatory colleges and signature books is achieved by an upstream platform used by the company or by trusted providers and operators. Once the necessary number of signatures has been reached, using only the EBICS formats (A005 or A006), the order and the retained signatures are forwarded to the server establishment via an EBICS file with a TS profile. It should be noted that this solution allows more comprehensive signature rights to be managed than those proposed by the EBICS standard (1+1 or 2), which makes them potentially closer to users’ requirements.

Marc Dutech
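
The upstream signature-book platform described in the article can be modelled as follows. This is an added example, not code from the article or from any EBICS product: the `SignatureBook` class, the college names "A" and "B", the rule format and the sample order are all hypothetical, and it assumes each signature value has already been verified cryptographically against the signatory's certificate before `add` is called.

```python
import hashlib
from collections import Counter

ACCEPTED_FORMATS = {"A005", "A006"}  # signature formats named in the text

class SignatureBook:
    """Hypothetical model: collects approvals for one order until a rule is met."""
    def __init__(self, order, colleges, rules):
        self.digest = hashlib.sha256(order).hexdigest()
        self.colleges = colleges  # signatory -> college, registered by the company
        self.rules = rules        # alternatives, e.g. [{"A": 2}, {"A": 1, "B": 2}]
        self.approvals = {}       # signatory -> signature format
        self.released = False

    def add(self, signatory, fmt, signed_digest):
        if self.released:
            return "rejected: order already forwarded"
        if fmt not in ACCEPTED_FORMATS:
            return "rejected: unsupported signature format"
        if signatory not in self.colleges:
            return "rejected: unknown signatory"
        if signed_digest != self.digest:
            return "rejected: signature covers a different order"
        if signatory in self.approvals:
            return "rejected: duplicate signature"
        self.approvals[signatory] = fmt
        return "accepted"

    def quorum_met(self):
        have = Counter(self.colleges[s] for s in self.approvals)
        return any(all(have[c] >= n for c, n in rule.items()) for rule in self.rules)

    def release(self):
        """Bundle to forward in the TS-profile file, or None if not ready."""
        if self.released or not self.quorum_met():
            return None
        self.released = True
        return {"order_sha256": self.digest, "signatures": dict(self.approvals)}

def demo():
    order = b"constructed sample payment file"
    d = hashlib.sha256(order).hexdigest()
    book = SignatureBook(order, {"alice": "A", "bob": "B", "carol": "B"},
                         [{"A": 2}, {"A": 1, "B": 2}])
    log = [book.add("alice", "A006", d), book.add("alice", "A006", d),
           book.add("bob", "X001", d), book.add("bob", "A005", "0" * 64),
           book.add("bob", "A005", d)]
    early = book.release()  # None: one A plus one B satisfies neither rule
    log.append(book.add("carol", "A005", d))
    return log, early, book.release(), book.add("alice", "A005", d)
```

The college of each signatory is taken from the company's registration, never from the submitted signature, so a signatory cannot claim rights they were not given.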