An anomaly of the Swiss implementation is the current restriction to signature types “T” and “E”. In the first case it is necessary to perform an additional approval via a separate channel (e.g. online banking). In the second case the order is processed immediately as the clients must themselves ensure that the necessary security measures are taken. Usually the person who has signed is not known in case “E”, rather only the customer or the contracting company.
The most important reason cited for not using the VEU in Switzerland is that the administration of the VEU rights for subscribers and accounts involves too much work. As the bank’s customer master data is often not directly linked to the EBICS product, data must be entered twice, and this becomes a significant overhead when you have a certain number of customers and changes to authorisations. What is needed is a mechanism along the lines of Electronic Bank Account Management (eBAM).
In the ISO 20022 standard, fifteen messages have already been modelled for these purposes (see acmt message category). The ISO messages can be used as a basis to expand the EBICS protocol so that customers can at least partially manage the accounts and subscribers themselves. Depending on the security requirement, multiple confirmations by the customer via signatures could be combined with a dual control principle on the bank’s side. For example, a delicate transaction would have to be checked twice by the customer and, in a final step, the bank would have to manually approve the transaction (but no longer create it from scratch).
This would already be possible today with a bank-specific order type (XYZ) for transferring XML account and subscriber data. The authorisations would be checked by the bank and applied automatically using the interface to the EBICS product (e.g. web services). From the Swiss perspective the mood is currently somewhat reserved on this matter, although many Swiss order types have already been introduced in this way, and the intention is to replace these in the near future with a general concept based on the French usage of FUL/FDL. We would welcome the inclusion of this requirement in a future order description in EBICS. Both customer and bank would benefit from increased automation.
Carsten Miehling
0 comments:
Post a Comment