Migration to EBICS 3.0 in France

EBICS 3.0 entered into force in France on 27 November last year. A good two months have passed since then and we think this is a good time to assess the progress of the migration to the new version.

The aim of this new version is to harmonise EBICS and thus ensure the following: 

  • a uniform EBICS version in all countries in which EBICS is used
  • uniform identification of BTF (Business Transaction Formats)
  • a uniform X.509 format for filing the key

The date of entry into force only applies to French financial institutions and is not mandatory for corporate customers. The latter can decide for themselves when they would like to migrate.

The big French financial institutions have been working on the migration projects for several months and most of them are now able to offer their customers the EBICS 3.0 channel. The others are in the final testing phase and will soon be opening the EBICS 3.0 channel.

The smaller financial institutions have not reached this stage yet. Only a few have started their migration projects and much suggests that they will only be able to offer the EBICS 3.0 channel in a few months' time, possibly even in 2020.

However, these differences in time implementation should not pose a hindrance to corporate customers keen to migrate to EBICS 3.0 in the near future. For in a transition phase of some length, even financial institutions that have already migrated to EBICS 3.0 will continue to support the 2.4.2 version that has been in force since EBICS was introduced in France (version 2.5 is currently used in Germany). This transition phase will give corporate customers time to update their client software.

Due, however, to a lack of interest in the new version, particularly on the part of corporate customers, the transition phase could drag on. To prevent this from happening, the financial institutions can offer their corporate customers additional services that will become possible with the extensions of the new version. These include simpler setup of transfers and the electronic distributed signature. The latter allows corporate customers to sign orders asynchronously after file transfer (in version 2.4.2, the electronic signature had to be sent together with the order file), thereby offering them greater mobility.

The impact of this will be particularly felt when the X.509 certificates are completely virtual and the mobile signature can really be used. Experts are working on this subject and efficient solutions can therefore be expected in a few months...

Marc Dutech 

How EBICS can be improved (Part 10) - EBICS downloads based on date and time specifications

In payments, it is becoming increasingly important for bank customers to be kept up to date on intraday payment movements, especially since the introduction of new procedures such as instant payments. This development also poses new challenges for the EBICS standard in the corporate customer business. EBICS customers usually have to actively retrieve information on payment movements from the bank server. The so-called historical download with date specification is the suitable method, especially for corporate customers using several EBICS clients. As, however, the historical download through EBICS is only specified to the day, in practice large volumes of data are downloaded several times intraday. Moreover, business timestamps for EBICS depend on the provision format and are therefore at best specified to the day and at worst simply not available on the bank server. The downloading clients then have the task of automatically filtering the redundantly downloaded data. Such behaviour currently places significant additional burdens on all systems involved, both on the part of the customers as well as the banks.

This situation could be remedied by extending the EBICS specification by defining specified time-controlled downloads.

In this case, the EBICS server would support an additional variant of the historical download. Unlike the previous standardised historical EBICS download, the time would now also be taken into account for the start and end times. Moreover, the stated times and dates should always refer to the time and date of provision. This would enable the EBICS server to deliver all data records that had been provided within the specified time period. For more flexible handling, it should also be permissible when making download requests to specify in each case only one of both times and dates. Otherwise, the download would behave in the same way as the previous standard download in the acknowledgement phase.

I think specifying such a uniform solution for all EBICS users in the EBICS standard could refine the download process for EBICS, reduce the burden on servers and significantly improve the process, especially given the growing need to be kept up to date. This would make the proprietary solutions already used in EBICS products superfluous.

Michael Lembcke

EBICS and the API discussions – a status update from Switzerland

Since SIX Interbank Clearing (SIC) became an official member of the EBICS SCRL as a representative of the Swiss financial market in spring 2015, a lot has happened with regard to corporate communication interfaces for banks. Considering the growing commotion in the area of electronic interfaces, the time seems right for this blog to take a closer look at the current situation.

Naturally, such an exploration must also broach the subject of APIs (application programming interfaces) – an acronym that is being proclaimed as the great salvation of digitalisation strategy in some bank management circles. Do APIs, particularly those for account information and payment order services, have the potential to render long-serving file transfer protocols like EBICS obsolete? This question especially arises when taking into account that start-up and fintech companies tend to prefer these streamlined APIs to the rather complex implementation process of EBICS.

To find an answer with regard to Switzerland, the reader less familiar with the Swiss financial market needs up-to-date background information. First of all, we should keep in mind that Switzerland is not a member of the EU and as such is in no way bound by the PSD2 (second payment services directive). This means that financial institutions are not obligated to offer APIs, which eliminates one major driving force. Unlike FinTS in Germany, there is also no standardised online banking interface in Switzerland. Nonetheless, the good news coming from the European Union has been heard in Switzerland, as well.

Before diving deeper into the hot topic of API initiatives, let us once again acknowledge how widely the use of EBICS has spread. In the past five years, following the example of the German implementation, the EBICS protocol has made its way into all larger institutions as a standard service offer for electronic data exchange with corporate customers. The ability of the protocol to transfer very large volumes and, more recently, the use of the EDS (electronic distributed signature) are highly appreciated by medium-sized and large corporate customers. All notable Swiss software providers with electronic banking solutions have made EBICS part of their product offer.

So far, so good, one might think. As mentioned before, the API discussion in Switzerland is in equally full swing. There are currently two initiatives worth noting, which we will briefly discuss in a moment. To be clear upfront, the author does not consider these initiatives a replacement for EBICS, but rather an additional option in the range of bank interfaces that is suited for a specific customer segment (usually smaller corporate customers that use cloud solutions for bilateral data exchange with financial institutions).

A highly promising initiative appears to be "Corporate API" by SIX and the Swiss financial institutions. The name refers not only to a freely accessible standard, but also to a suitable platform for that standard. Both are being developed by SIX in collaboration with representatives of financial institutions and software providers. The platform enables easy participation in a newly unfolding ecosystem that is set to provide services far beyond the PSD2 scope (AIS, PIS).

The formats offered by "Corporate API" are JSON and ISO 20022 XML. The JSON variant will be extremely easy and fast to implement and is intended for software providers who do not require the complexity of ISO 20022 messages. The ISO 20022 XML variant supports the entire spectrum of possibilities known from the CH payments migration. The end of 2018 will already see the first tests with piloting financial institutions and providers.

Another current project is called "Common API". The "Common API" by SFTI (Swiss Fintech Innovations) is based more heavily on the PSD2 and the implementation of the Berlin Group. In contrast to the "Corporate API", the specification of the SFTI defines the API in more general terms and leaves the selection of the target group to the service provider. According to information by SFTI, the big banking application providers are involved in the development of this standard. SIX has accompanied the development process of the SFTI specification from the beginning and will carry forward the results of the SFTI working group in the future. It is hence entirely possible that the two standards will turn out to be at least partly compatible.

The situation for software developers in Switzerland is not exactly simple, with EBICS as an established productive protocol on the one hand and new initiatives waiting in the wings on the other. Depending on the customer segment and the business model, solution providers are faced with the question which implementation they should offer – or whether perhaps it should be more than one. What's more, some financial institutions have by now released proprietary interfaces (such as the Hypothekarbank Lenzburg, which presents itself as a highly innovative fintech bank). If the application area is extended to Europe, already well-known initiatives like "Berlin Group", "STET" or "Open Banking" are added to the mix. As to be expected, the Swiss financial market has not adopted any of the existing standards, the "Swiss finish" remaining rather popular in these parts.

Carsten Miehling