Both protocols, FinTS and EBICS, already cover almost all areas of banking, from payment transactions and securities trading to credit business. Overall, far more than 200 processes are available which bindingly describe both the business interfaces and the technical communication between the participating partners. HBCI and FinTS have been leading the way regarding open standards in communication with financial institutions since the 90s. EBICS was introduced by the Deutsche Kreditwirtschaft (DK), or its predecessor, more than ten years ago as a binding standard for communication with corporate customers. Open banking has thus been a reality in Germany for many years already.
No uniform PSD2 interface in sight
As good as the idea of open banking may be; the debate forced by PSD2 (among other things) leaves many financial institutions at a loss, including the willing ones. On the one hand, PSD2 is supposed to bring about an open banking standard for all of Europe. Then again, legal authorities have deliberately left open the question of how exactly communication should take place and how it should be secured. As a result, providers of open banking APIs are urging the banks to implement their solutions and adopt their own interpretations of open banking, just so they won’t be left behind. On top of that, various initiatives in various countries are developing protocols for technical/business application aspects, which is bound to lead to an uncontrolled number of API dialects. Cross-country concepts, on the other hand, are still a long way off.
All of this could develop into a bottomless pit for the institutions unless a uniform PSD2 specification that every bank can follow becomes available soon. As long as this does not happen, many open banking dreams will likely remain unfulfilled. After all, by law, the opening must be free of charge and free of discrimination. Earning money with it is for others. So what should be a bank’s motivation to keep adding new API dialects free of charge, just so that third-party providers can more easily spread their apps among the people? This would reduce the institutions themselves to the status of mere service providers. It is much more reasonable to fall back on long established standards.
EBICS: open banking for corporate customers
One such standard is EBICS. It is widely spread: aside from Germany, EBICS is also popular in France. A cooperation agreement exists between the Deutsche Kreditwirtschaft and its French counterpart, the CFONB. These two largest payments markets in the Euro zone use EBICS for the corporate customer and interbank business. Switzerland (SIX) is also a fan of EBICS, and Austria (STUZZA) is thinking about joining in. Instead of drowning in the API swamp, the question should be how EBICS can be expanded to comply with PSD2. And the answer is: with a remote signature (see Fig. 1). A modern EBICS portal can generate the signature from incoming data such as the code of a PhotoTAN or a QR TAN using hardware-based methods and send it to the EBICS bank server.
 | |||||||||||||
| Fig. 1: How remote signatures expand EBICS towards a PSD2 compliant open banking solution |
Author: Michael Schunk
0 comments:
Post a Comment