The digital euro and the alternative for cash

The European Central Bank (ECB) has been observing that consumers in the euro area are using cash less frequently, and not just since the Covid-19 pandemic. The use of payment methods has already changed due to increasing e-commerce, digital payment methods and home banking.

The nevertheless strong attachment of many Europeans to cash is driven by its use for settling smaller amounts: whether it is paying in a restaurant, grocery shopping at the weekly market or the euro coin needed to use the shopping cart – it is impossible to imagine life without cash.

Moreover, cash offers further added value for citizens:

• Payments remain anonymous and there are hardly any data protection concerns.
• Cash is safe, for example from bank insolvency.
• It is not taxed by the state or burdened by negative interest.
• Cash is widely accepted and can be easily transported.

In addition to cash, consumers have the option to pay digitally – for example with their smartphone at the point of sale, their credit or debit card or online payment methods in e-commerce. However, these payments are predominantly made with scriptural money, i.e. money issued by financial institutions. There is currently no digital alternative to the cash issued by the ECB.

The important aspects of cash and the differentiation from digital payment methods are what the ECB wants to investigate for the introduction of a European digital currency. With the recent launch of a two-year analysis phase, work on a digital euro is becoming concrete for the first time. As a result of the analysis it will be decided, among other things, whether and in what form the aforementioned aspects will be taken into account.

The premise is that the digital euro should not replace cash, but complement it. From the consumer's point of view, the digital alternative must represent the highest level of anonymity and security. Consumers need the digital alternative to the euro to be designed in such a way that anonymous payments - at least of smaller amounts at the point of sale – are still possible.

Besides data protection and security, provision, availability and interoperability are highly important. According to current information, the ECB wants to involve commercial banks and payment service providers (PSPs). They are to remain active as intermediaries between central banks and consumers. Tasks such as identification, onboarding and wallet provision need to be managed. However, if one takes a closer look, many open questions remain unanswered so far:

• How many payment wallets are consumers allowed to have?
• What provision methods will be available (mobile wallet, physical card, payment bracelets, etc.)?
• How can offline payments be made possible?
• Can the digital euro also be used to pay in e-commerce?
• What will be the maximum amounts for individual payments and the whole budget?

How these questions will be answered and how the digital euro will ultimately differ from cash or existing digital payments is something the ECB is expected to announce in two years' time. After a subsequent three-year development phase, the digital euro could be piloted in 2026.

We at PPI are following this topic with great enthusiasm and consider a clear demarcation between digital cash and digital payment methods in terms of usage for private individuals to be an essential element of the analysis phase. To keep you up to date on current developments, we will use this blog to regularly inform you about news on the digital euro in the coming year. 

 Philipp Schröder

Read more

One year left until the TARGET2 migration – are you ready?

The time for change is less than twelve months away. On 21 November 2022, TARGET2 will switch from MT to MX, one year later than originally planned. According to the Bundesbank, the migration affects approximately 1220 participants, of which 955 are in co-management (https://www.die-bank.de/news/fachtagung-zahlungsverkehr-der-zukunft-update-19327/). At the same time, the transition phase of SWIFT's ISO migration begins. After Switzerland and Japan, the TARGET2 (EUR) system is one of the next systems to be migrated to ISO 20022. In 2023, the UK and the US plan to follow suit, so they will certainly watch the implementation closely. 

The tight schedule of the consolidation, in addition to day-to-day business and other projects such as the ISO migration of SWIFT, will be a challenge for many financial institutions migrating their IT to MX. Time has passed quickly and the extra year was shaped by further preparations. The technical concepts have been written, the implementation and internal tests are in full swing.

Looking back

The connectivity tests were started at the beginning of September. E-ordering for the technical registration for the TARGET services was carried out with the respective network service provider (NSP): SWIFT or SIA. Some financial institutions were thus able to establish a U2A or A2A connection with ESMIG as early as the beginning of October. All participants are obliged to report their test results to the Bundesbank. This obligation also exists should the connection be established via a third party, for example through a SWIFT service bureau. All evidence had to be provided by 30 November. The connectivity tests to ESMIG had to be completed by 1 December.

Looking ahead

By implementing the remaining milestones in the coming months, the participants will be optimally prepared for the migration. However, this also means that from now on at the latest, staff should be assigned to testing with the highest priority to ensure that these final milestones are achieved.
The upcoming connectivity and community tests were further highlighted in the Bundesbank trainings in October and November. Once the form for master data creation is submitted, the Bundesbank automatically makes the necessary settings in the test system and creates user data.

The participant must then enter all master data once for the test system and then once again for the production system. No master data is transferred from the existing systems. The corresponding entries can therefore be internalised in the test system and the participants can familiarise themselves with the applications.

From the beginning of December, after the Bundesbank has created the first master data based on the form, the participant is obliged to create the other master data. This data makes up the basis for further "Mandatory Test Cases" that can be carried out from 1 January 2022. In November, an Information Guide for TARGET Participants was made available for "Operational Related Testing". In addition, self-defined tests can be performed for a total of 7 months to check the functionality of all TARGET2 services and their interaction.

An overview of key dates

• The next milestone "Community Test" will start at the beginning of December and cover "Business Day Testing" (including T2S and TIPS) and "Operational Related Testing" (including ECONSII). 
• In big bang migration year 2022 will see the "Migration Week Rehearsal" (MWR) from 28 March to 1 April. These tests will take place during the week and ensure that the master data has been configured correctly. The initialisation of balances on T2 will be checked. 
• The "Migration Weekend Dress Rehearsals" (MWDR) will take place on 8 July, 23 September and optionally 15 October. These dates will be used to test additional functionalities during the weekend. The dates published by the Bundesbank for the MWR and MWDR are mandatory for all participants.

The Bundesbank also provides tutorials, i.e. videos for conducting the tests. For example, the different inputs of the U2A and A2A DNs were pointed out during the training sessions. The tutorial provides support and guides the participant through the entries step by step. For questions related to testing, the Bundesbank has also provided the e-mail address targetservices-test@bundesbank.de.

Proof of testing for different "Mandatory Tests" should be sent collectively if possible. However, proof of individual tests can also be submitted later. If test cases cannot be carried out because they are not relevant for the financial institution, e.g. if the financial institution does not have an RTGS DCA, no test needs to be performed – in agreement with the Bundesbank. A written statement on the individual case must be provided to the Bundesbank.

The trainings have shown some of the complexity that needs to be implemented. It is no longer sufficient to give only a rough traffic light based assessment on the implementation status of the TARGET2 consolidation. Now proof of testing results is needed, which will make apparent who has succeeded in the technical implementation.

Between a quarter and a third of central banks, "Closely Monitored Participants" and "Regularly Monitored Participants" have so far reported the status yellow, meaning they foresee risks that could make their TARGET2 migration more difficult (https://www.ecb.europa.eu/paym/intro/events/shared/pdf/fs12/2021-09-30-focussession-t2t2sconsolidation-marketreadiness.pdf, https://www.ecb.europa.eu/paym/intro/events/shared/pdf/fs11/T2-T2S_Consolidation_Market_Readiness.pdf). Although the participants' internal tests should be finished by the end of August, many participants are still only midway through the testing phase. It therefore seems difficult to define the individual milestones. All TARGET2 participants must take particular care now to ensure that they have met the requirements of the milestone by the time it is completed.

Authors: Viktoria Liehmann, Sabine Aigner

Read more

Green light for SEPA 2.0

 

SEPA 2.0, i.e. the migration of the SEPA formats to ISO version 2019 of the ISO 20022 standard, starts in November 2021. The dreaded triple changeover consisting of a TARGET2 consolidation, SWIFT MT to MX and SEPA 2.0 has been averted through a gradual migration for SEPA 2.0. The remaining time must now be used intensively for preparations.

Note: distinction between DK and EPC applies to Germany

*https://www.europeanpaymentscouncil.eu/what-we-do/other-schemes/sepa-request-pay-scheme

 

 The migration to the format specification of the German Banking Industry Committee (DK) valid from November initially affects the real-time credit transfer (pain001.001.09), the credit notification for incoming SCT Inst based on ISO 2019 (camt.054.001.08) and the formats for account information (camt.052, camt.053 and camt.054). Version 09 for real-time credit transfers is an extension of the SCT Inst formats, as the previous specifications (pain.001.001.03 without timestamp and pain.001.001.08 with timestamp) remain valid as before. A time-consuming exchange of existing formats at the customer-bank interface with extensive end customer integration is therefore not necessary for the time being and is postponed to a later date.

In November 2022, ISO version 2019 will continue with the inclusion of the Request to Pay (RTP) format specification into the DFÜ agreement. As this new standard will initially be included in the DFÜ agreement as an option, parallel activity to TARGET2 consolidation is not explicitly specified, but is reserved for financial institutions that wish to invest in improving customer experience.
The greatest effort for submissions by end customers will occur in November 2023, as the migration of the SEPA formats for credit transfers and direct debits is scheduled for this date. The remaining time should be used to prepare the necessary customer integration in order to avoid a postponement of migration dates as was the case with the mandatory SEPA introduction in 2014. 

Intensive preparation together with the customers involved is also urgently advised for the final phase of the SEPA 2.0 migration. In November 2025, the formats MT940 for previous day account information and MT942 for current day account information will cease to be the DK standard. Customers who rely on this information for their accounting must be able to process the account information in camt formats in the ISO 2019 version from this point onwards, which requires considerable effort and thus long and intensive preparation on the end customer side.

The changes associated with the implementation of SEPA 2.0 influence the interaction of formats in the processing chain and thus also the functionality of payment procedures. All internal bank systems that produce and/or receive change-relevant formats, as well as the supplying or receiving customers, are significantly affected. The risk of incorrect further processing or even the risk of payment rejections can be limited by addressing the issue at an early stage. In fact, added value can be created, processes can be holistically optimised and system functionalities can be increased by adapting and interlocking bank systems.

We are currently in the initial stage of the SEPA 2.0 migration. The effort required for the migration may not be reduced overall by the outlined equalisation of the migration steps, but it is at least easier to plan. We will closely follow the implementation and report on current developments here.  

Rebecca Stannull, Eric Waller

Read more

Single source of supply!

An IT outsourcing project usually brings together a whole range of experts from many different parties: the outsourcing company itself, the outsourcing provider as the future operator, the developers of the software used, migration experts as well as quite frequently a consulting firm for overall project management. This level of effort is not surprising in itself, as the processes involved are generally highly complex, have to be able to manage a number of interdependencies and – especially in payments – have almost no margin for error. It is perfectly valid to question whether it would not be more convenient from time to time if a single partner took charge of several parts of a project. After all, it is a well-known fact that the more parties involved have to be coordinated, the greater the friction.

This is one of the reasons why PPI AG has decided to offer not only consulting services and software for payments processing, but also operation of the respective platforms. With this payments as a service (PaaS) model, we are taking the next step towards becoming an all-round service provider in the European payments business.

So what exactly does that mean? Our customers can now have their PPI software operated directly by us in the cloud. They get all services from a single source – that includes the software itself, but also everything from consulting to the operation of the payments systems. Our offering thus covers the entire range of payments processing services. This takes the burden off our customers' IT departments and enables financial institutions to use their resources more efficiently and improve their competitiveness.

Why are we branching out into the operation of software solutions? The answer is simple: because it helps our customers to thrive in a rather crowded market environment. And because we have the skills for it: we have been successful in the consulting and software business for more than 30 years and have correctly anticipated the trend shift towards the increased use of cloud technologies. Over a year ago, we therefore entered into a cooperation with Broadridge Financial Solutions, a specialist for investor communication and technology-oriented solutions for financial institutions. It is not least thanks to this collaboration that we are able to offer our leading technology as PaaS.

Now is it all just pure theory? No, our comprehensive offering has already been tested in practice: Hamburg Commercial Bank (HCOB) relies on the PaaS solution. The initial setup of the project was classic: the bank wanted to migrate all customers to a central payments platform as part of a second-generation outsourcing and at the same time simplify its own business processes. At the core of the new architecture at HCOB is our TRAVIC suite as a standardised, multi-client capable, modern and hosted payments platform. In line with the customer's wishes, we have configured our operating environment in a way that allows us to control and monitor their payments end-to-end. The advantages of such a single-source outsourcing project became very clear as we were able to migrate the systems for cross-border payments to the new operating model after just twelve months – significantly faster than the projected one and a half years. What is more, it was achieved in times of the corona pandemic – and this should not be overlooked.

PPI's unique symbiosis of in-depth technical expertise and comprehensive development know-how makes such services possible. Offering operating models in the future was only logical given the trend towards outsourcing. To prevent friction caused by too many project participants, we accompany our projects from the initial planning stage to permanent operation from a single source – a complete all-round service package for payments.

You can find more information on our payments as a service offering here!

Yours,

Hubertus von Poser

[HASHTAGS]
payments as a service; outsourcing; payments platform; all-round service provider; migration

Read more

The digital euro - more questions than answers?

The European Central Bank will be taking a close look at digital currencies in the coming years. The design options are manifold and raise questions.

This month (Oct. 2021) is set to kick things off. The European Central Bank (ECB) is launching a two-year analysis project to assess what the design of the digital euro might look like. The outcome of the analysis phase will be a decision on whether and in what form the ECB will provide the digital euro.

However, it is clear from previous discussions and publications: the digital euro will have few parallels to functions of current private cryptocurrencies. Blockchain infrastructures and their advantages are barely considered in the context of the digital euro. The European Central Bank will focus on alternative approaches to cash and the impact on the monetary system.
The (implementation) scenarios are nevertheless diverse, leaving room for exciting discussions. Potential forms and effects need to be understood and evaluated in depth.

The key questions below can serve as an initial baseline:

• What added value and use cases are generated for the various stakeholders?
• Financial institutions, payment service providers, private individuals, commerce, industry, European Central Bank
• What does the technical design of the digital euro look like?
• Will the digital currency be built on an account or token infrastructure?
• How will value be transferred between the participating parties?
• Will users be provided with a digital product only?
• …
• How will usage for private individuals be designed?
• How will anonymity be ensured?
• Will there be limits on the amount that can be used and deposited?
•  …
• How and by whom will onboarding and provision be carried out?
• What regulatory requirements will arise?
• How will financial institutions and payment service providers be involved?    
•  …

Even though the analysis project is just starting, many trends can already be identified. PPI is following this topic with great enthusiasm and has already drawn up a number of theses on these questions. We will share and discuss them with you in the coming weeks.

Author: Philipp Schröder

Read more

Faster and easier – automation progress for setup of EBICS bank access

EBICS payments are becoming more and more widespread in Europe. Most recently, Austria has also committed to the secure standard for corporate payments. However, the highest level of security requires the compliance with the standard and a thorough verification when establishing the digital business relationship. During the first initialisation of the EBICS bank accesses, a few steps define the process: the EBICS client generates a user bank key during the initialisation of an EBICS bank access, which is then sent to the bank server. In addition, a letter signed by the user with the public bank key is sent to the financial institution for personal identification and verified there. If everything is correct, the financial institution releases the set-up bank account and sends the user a welcome letter containing a rather long hash value for comparison. The users enter their hash value manually in the configuration mask of the EBICS client.

 
Of course, a successful key activation requires that the hash value be typed without errors. The paper letter ensures "separate channels" of processes but is perceived by many users as very tedious and time-consuming. And the final activation process by the financial institution may take a few days before the user can finally use the EBICS bank access in the EBICS client.

Is it not possible to do this in a more easy and quick way to relieve the user? 

Financial institutions that operate corporate web-based applications can take advantage of the trust that is placed in them. They can store the hash values of the different EBICS banks that they already know in their web application and thus make them usable for all their customers. Unknown or incorrectly stored hash values are ignored and the activation of the user remains as it was. 

The manual entry of the hash values of each EBICS bank account by the user can thus be omitted. As soon as the users have initialised themselves at their bank accesses and have been activated by the financial institution, the hash values of the public EBICS bank keys are automatically downloaded and compared with the stored values in the background. If this check is successful, the assigned order types of the user can be automatically downloaded via HTD. The user can use the bank account immediately after downloading the order types. This saves time and is easy on the user's nerves by eliminating the need to enter the hash value, which can be up to 32 characters long.

All this was realised in TRAVIC-Port with the version 4.6 by PPI AG and is in use with the first operators.

As of version 4.6 of TRAVIC-Port, when using the additional licence the final steps in the initialisation process for hash value matching are automated.

The acceleration and simplification of these processes are well received by users. The initialised bank access continues to secure corporate payments with all the benefits of the EBICS standard. And for financial institutions this represents a further step in the acceleration of processes through automation in corporate payments.

Author: Christian Veith

Read more

Card payments in times of a pandemic

"The tide lifts all boats, even those with holes in the hull" – thus goes a German stock market saying, verbatim.
In our case, of course, this does not refer to any catastrophic flood scenario, but rather to positive exogenous effects on payments and an entire industry.
 
The last year and a half of the global pandemic was just that for card-based payments – a tide lifting up almost all parties involved. Transaction figures for card payments went through the roof; some even say that food retailing in particular had four Christmas seasons. Especially the girocard, which is preferred by many Germans, has benefited from this. The number of transactions increased by 4.7% in the first half of 2021 compared to the same period in the previous year, while total sales increased by 2%. The girocard was thus used considerably more, while shopping cart sizes did not change significantly. (1)

The same is true for the increasing prevalence of contactless payments. While the card schemes and issuers have spent years and enormous sums of money promoting the use of the NFC function of cards and reducing customer inhibitions, the pandemic has pushed its popularity to a "new normal" in one fell swoop. As many as 64% of all girocard transactions were contactless in the first half of 2021.1 Customers have finally understood this long-established function and made it a de facto standard – no amount of advertising could have achieved this in such a short time.

The development of the enormous increase in girocard transactions is exciting to observe insofar as there are more and more institutions that are questioning the previous co-badging strategy (i.e. girocard in combination with V Pay/Maestro) and in some cases are moving entire portfolios to the native debit solutions of the major card schemes (Mastercard/Visa Debit). This transformation in the German card market will essentially continue over the next few years and, in the long term, challenge the dominance of the girocard in Germany. With this in mind, it will also be interesting to observe to what extent the acquiring market in Germany – so far dominated by the large network operators – develops.

An important driver in this context is a European payments initiative currently being promoted in Germany. EPI (European Payments Initiative) is intended to provide a pan-European card solution that will enable payments in stationary trade and e-commerce within the European domestic market across borders and independently of international schemes. The current plan is to connect existing national card systems and ideally roll them out in all European countries. EPI is focusing on instant payments as the new European standard and would like to offer a mobile wallet in addition to the card solution. However, leaving Europe in the future will then mean relying on the global brands once again.

If we look at e-commerce, a similar picture presents itself: in Germany, the newly merged payments solutions paydirekt and giropay as well as Kwitt and girocard have been bundled under the "#DK Initiative" in order to present a powerful payments solution. The challenges are similar to those of EPI and success is only realistic if the different interests of many parties can be united.

All these initiatives and changes to the existing systems are continuously challenged by new FinTechs that occupy relevant niches in payments. Here, socially relevant topics, such as the recent "True Name" on credit cards, are also being implemented quickly and with effective advertising.

In summary, it can be said that the pandemic has so far proven to be an accelerator of many existing developments in card-based payments and has triggered changes that will shape the industry for years to come. It remains to be seen whether the specific effects of the pandemic will be followed by the gradual stabilisation of a "new normal" or whether the rapid transformation will continue and lead to fundamental changes in the market.

Authors: 

Sebastian Litschke 

Jonathan Kutkuhn 

(1) girocard mid-year figures 2021 (German): https://www.girocard.eu/presse-mediathek/pressemitteilungen/2021/girocard-halbjahreszahlen-2021/

Read more

More convenience for EBICS customers

When it comes to making things more convenient for corporate customers using the EBICS protocol, there are a few hurdles to overcome. The first challenge is configuring the communication parameters to reach a desired EBICS bank server, the next is the complicated exchange of EBICS keys via INI letter and bank key activation.

If we as customer product manufacturers could get help from the EBICS Company for the first task, i.e. the configuration of the communication parameters, we would quickly be able to make the second task, the key exchange process, much easier for users of the EBICS protocol.   

 This scenario could be implemented quickly by the EBICS Company providing authorised and registered manufacturers with a list of all EBICS banks, their technical access and host ID, and the last known bank key as a hash value. Then the customer product manufacturers could integrate the provided values into their EBICS customer applications and considerably simplify the configuration of the technical EBICS access for users. User input errors with lengthy support requests would be a thing of the past and users would have one less hurdle to overcome to use EBICS.

With the data provided by the EBICS Company, the verification of bank keys in customer products could also be simplified. This would reduce the complicated process of EBICS key submission and bank key checks to a minimum. Indeed, it is conceivable that customers would then receive an activation within a few minutes and could immediately begin using EBICS communication. The effort required to activate the EBICS access would then be comparable to the activation of online banking for private customers.
Dear EBICS Company, would you consider creating an EBICS bank list? Like the one DK has been providing in a similar form for FinTS bank servers for years?  

Author: Michael Schunk

Read more

Request to Pay – the economy needs this standard

On 15 June 2021, the new European standard for electronic payment requests Request to Pay (RTP) transformed from a theoretical construct to a practical reality. On that day, the SEPA Request to Pay (SRTP) rulebook came into force. The Euro Banking Association (EBA) in particular had been working hard on the project. It is only understandable that the organisation also wanted to know whether there are many companies in the economy that want to use RTP in the near future. In September 2020, EBA launched a large-scale survey of companies across Europe with PPI as a partner. The results recently published under the title "Request to Pay: What Corporates Want" are not surprising in their tendency, but in their consistency. Almost 100 per cent of the companies are interested in using the standard. What is important for them above all is uniform usability throughout Europe. Not surprising – after all, 70 per cent of the companies surveyed also want to use RTP for cross-border payments.

The main part of the survey revolved around the companies' assessments of the use of RTP in the fields point of sale (POS), e-commerce, e-invoicing and recurring payments. Here, too, attitudes towards the standard were clearly positive across the board. In all the areas surveyed, over 80 per cent of participants could at least imagine using RTP. In the area of e-commerce, the quota was even over 90 per cent.

At the same time, the EBA and we wanted to know what could make RTP even more attractive for companies. The answers revealed a number of possible improvements. The main aspects are standardisation of procedures, offering value-added services, end-user acceptance, risk management and clear prospects for the future. 

The latter also includes the most frequent requests for additional features: quickly achieving a high market penetration, integration into standardised, fully automated processes that are, for example, embedded in ERP systems, as well as use in combination with instant payments or other payment guarantee options. Of course, no vendor wants to let a customer leave with the goods if they do not have the money yet. If, however, buyers had to wait until the corresponding amount was credited to the seller's account, the acceptance of RTP, especially at the point of sale, would probably be close to zero. In this case, it might be necessary to examine whether the notification of the accepted or instructed RTP can be designed as a legally binding payment guarantee.

The companies surveyed see an additional benefit in the possibility to include structured remittance information in the data record. This facilitates the allocation of incoming payments to specific transactions within a goods management system and is a prerequisite for fully digitalised, largely automated invoicing and payment processes. Furthermore, companies see RTP as a good opportunity for significantly more direct downstream communication between sellers and buyers of goods and services: for example, 43 per cent can imagine transferring warranty or return information with the data record.

In total, companies from 20 European countries took part in the survey, two thirds of which generate a turnover of 50 million euros or more. A download link to the free final report "Request to Pay: What Corporates Want" as well as further information on RTP can be found here: https://www.ppi.de/en/payments/request-to-pay/success-story-eba-request-to-pay-survey/

Authors: Eric Waller, Anuschka Clasen

Read more

EBICS 3.0 in the home stretch

By 22 November this year at the latest, the time will have come. From that day on, German payment service providers are obliged to offer their corporate customers EBICS 3.0, to be precise EBICS 3.0.1, alongside the previous version 2.5. For Switzerland, SIX has also issued a recommendation for the support of EBICS 3.0 from November 2021, and in France, EBICS 3.0 can already be officially offered by financial service providers since January 2018.

The Deutsche Bundesbank has announced that it will switch completely to EBICS 3.0 from 22 November 2021 for a transitional period of one year. EBA CLEARING has a similar position regarding its EBICS services.

What does the EBICS changeover mean for all those involved in EBICS?

Financial institutions and financial service providers are preparing for November 2021. EBICS 3.0-capable systems are already in use in many cases. It is possible that EBICS 3.0 has merely not yet been activated.

For the transition period from EBICS 2.x to EBICS 3.0, the specified or agreed BTF and order type mappings must be stored on bank side and corporate customer side. They can be discontinued later if no order types or FileFormat parameters are specified for new EBICS business transactions in the future. 

All parties should consider the crypto life cycle (see crypto life cycle on https://www.ebics.org/en) for EBICS before migrating to EBICS 3.0. This includes minimum key lengths, key procedures, and TLS requirements that must be met. Due to the key procedures it defines, EBICS 2.3 will automatically expire on 22 November.

All this requires the latest EBICS software. Corporate customers should therefore arrange for an EBICS 3.0 update of their EBICS clients at an early stage so that they can react to the EBICS changeover of the financial institutions. In order to avoid a time-consuming reinitialisation, corresponding EBICS and key updates should already be completed on client side before the bank-side shutdown of key procedures and lengths as well as EBICS versions. The key updates may be required to migrate to EBICS 3.0.

Since the text-based customer protocol (order type PTK) is no longer specified for EBICS 3.0, financial institutions may no longer offer it for EBICS 3.0. If the customer protocol monitoring of corporate customers is still based on the PTK, an early changeover to the XML-based HAC is recommended for them.

Corporate customers can also look forward to a few new functions that EBICS 3.0 provides. These include the technical double submission check, the optional specification of the original file name when uploading and the EDS flag (EDS= electronic distributed signature), with which the corporate customer can directly control whether the submitted order should undergo the EDS process or be checked directly. 

Those are some of the relevant points that I would like to share with you to help you cross the finish line successfully. Ultimately, it is important to be prepared for the approaching EBICS changeover and to take the necessary precautions.

And what about you? Have you already started your final sprint to EBICS 3.0?

Author: Michael Lembcke

Read more

Request to Pay – a revolution without revolutionaries?

Technically, the European payments market could be in a mood for celebration - after all, the first concrete regulation for a pan-European electronic payment request came into force on 15 June 2021. The SEPA Request to Pay (SRTP) Scheme Rulebook defines the parameters for all participating financial institutions. Once this system is set up, companies simply send their customers a digital data record with the details of the payment request. The payers can transfer the included information such as IBAN, sum or remittance information into their banking system with a mouse click and then only have to authorise the transaction. 

Few reactions

Experts see RTP as a potential revolution in the European payments market. However, the participants for the revolution have been lacking so far. Efforts to launch products based on RTP are hardly discernible. The question arises as to the reason for this reluctance. Are financial institutions worried about a lack of demand? Is the implementation too complicated or too expensive for them? And what can help financial institutions if they want to launch SRTP products?

There is no lack of interest

The demand is there among the ultimate addressees, i.e. the private and corporate customers of the banks, at least on the business customer side. A survey by the European Banking Association (EBA) in cooperation with PPI clearly shows this. Regardless of which potential application scenario European companies were asked about, the willingness to use RTP in their own company was generally well over 80, sometimes over 90 per cent.

Manageable effort

Of course, a new payments standard does not come for free and cannot be implemented overnight. If a corresponding project is approached with the classic waterfall methodology, a duration of 18 to 24 months is to be expected. With modern means such as agile development, however, this period can be shortened. The key is to have a clear strategic idea of what an RTP product should be able to do. Furthermore, it must fit into the long-term business plans of the financial institution. The actual costs depend on the specific circumstances. But they are likely to be similar to those of an instant payments introduction. Institutions that have already introduced this service have advantages, because some of the important aspects for RTP have already been taken care of. They then only have to apply about 30 to 40 per cent of the mentioned cost framework.

In any case, the investment should pay for itself quite soon. After all, RTP products and services strengthen customer loyalty and can help institutions win back market shares. Especially since at least no major player has yet announced plans to enter the RTP market. 

Launch the first projects soon

Financial service providers should definitely take advantage of this. Minimum Viable Products (MVP) are suitable for a quick market entry. An alternative is cooperation with one or more business customers. Companies in particular should have a strong interest in RTP, as the use of the standard can save considerable sums in billing process costs.

Sooner or later, an entire product world will emerge around RTP – that much is foreseeable! Institutions that enter the new market early on can look forward to this development with joyful anticipation. We are happy to support financial service providers with the implementation. We have summarised the basics in the latest white paper "How Request to Pay becomes a success story for financial service providers", which is available for free download here.

Authors: Eric Waller, Anuschka Clasen

Read more

Digitisation of the account life cycle? Simple with eBAM and EBICS!

B07? B13? Though these designations may look like airport gates for an upcoming flight, they mean something else.

Perhaps you have already seen them in the planned changes for the BTF to order types mapping table of DK (Deutsche Kreditwirtschaft). They refer to two of the business transactions for Electronic Bank Account Management (eBAM) newly introduced in 2021. In a previous article, we already discussed the topic eBAM in general and argued in favour of standardised use within the framework of the RDT agreement.

eBAM provides messaging for account opening, management, closure and reporting. The focus is on an existing customer relationship. Otherwise, there would be additional challenges to consider.
eBAM combines concrete potentials for account management in the corporate customer sphere. Manual activities, media discontinuities and a generally paper-based procedure are currently predominant there. Opening an account or changing a power of attorney means a great deal of effort on both the customer's and the bank's part and takes days or even weeks to complete. Not to mention the lack of standards across different banks.

Electronic Bank Account Management enables the digitisation of account management processes. As shown in the figure, the paper-based processes and media discontinuities are replaced by standardised ISO 20022 XML formats (acmt.*), which are exchanged between the corporate customer and the financial institution via an electronic channel. The prerequisite is that essential bank and account master data, powers of attorney and other documents are managed in appropriate systems of the corporate customer. Document attachments and digital signatures are also supported, as these may be required in certain cases.

There is no need for a new channel, as the eBAM messages can also be transmitted via EBICS. In addition, they are already authorised in the EBICS channel. Such processes are well-known and well-established in payments, e.g. in the transmission of credit transfers and status reports. Transfers via other channels is also conceivable.

Within the institution, the necessary processing can be carried out faster and more efficiently through automated support. 

A few financial institutions have eBAM offerings on the market, but some of them are limited to individual use cases or channels. On the other hand, corporate customers such as the treasury departments of large companies are clearly interested in precisely this kind of digital account management. In particular, they want to have a better overview and reduced processing times, and at the same time manage their accounts with ease.

There are also great advantages for the financial institutions. The complexity of IT and processes can be significantly reduced and process costs lowered. 

eBAM has various points of contact in the business and IT areas, which means that questions have to be considered holistically during concept creation and implementation. This also applies to related topics such as KYC (Know Your Customer), electronic signatures, regulations or process management.
For the implementation of eBAM in IT systems, it must be considered which tasks are to be carried out in the bank server and which in the downstream systems. What should be taken into account with the new formats and their current and future versions? How can message validation and feedback generation take place? How are eBAM messages processed and transferred to the master data systems?
Based on the TRAVIC product suite, PPI can offer financial institutions the appropriate functionalities to facilitate the introduction of an eBAM offering. This includes the acceptance of messages in the EBICS bank server TRAVIC-Corporate as well as the central processing in a specific eBAM component at the interface between TRAVIC-Corporate and the downstream systems. Web-based account management in the corporate customer portal TRAVIC-Port equally offers potential for a dedicated eBAM offering. And via real-time notifications, the TRAVIC-Push-Server could be immediately notified of important events.

By offering technical and business expertise from a single source, PPI can provide holistic support for eBAM introduction on request.

I am convinced that the importance of eBAM will continue to grow. Those institutions that act early will be able to secure timely market advantages through innovative offers.

What do you think?

Author: Thomas Stuht, D.Eng.

Read more

Our money must go digital

 

Imagine the following scenario for the future: a company runs out of certain material, which is only available from a supplier abroad. At the latest 24 hours later, supplies of the material must arrive, otherwise the production will be stopped. This issue is detected by a computer system. It orders new goods completely autonomously from the supplier's system, where they are immediately sent on their way, also completely automatically. Customs declaration, transport organisation, etc. – all of this is taken care of without human intervention. At customs, a computer scans the goods, concludes that everything is in order using specified parameters and requests the customs duties from the ordering computer system. The computer system would execute the payment immediately – but it can't, at least not at the moment. Finally, a person must authorise the payment and, usually, it takes at least one banking day for the customs to register the receipt of the funds.

This example illustrates the limitations of our current payment system: relatively long waiting times, complicated authorisation procedures and a lack of delivery-versus-payment functionalities. While this may have been acceptable in the past, it poses serious problems for the future. Because the future belongs – among other things – to the Internet of Things (IoT). By 2025, an estimated 75 billion devices will be linked via networks.  The potential for new business models is huge, from automatic customs clearance without human intervention, or rental charges for agricultural machinery billed according to the actual payload, to the self-ordering refrigerator.

However, many of these business models will be hard to realise if the current limits of payment systems remain. Digital currencies can lay the foundation for automation and overcome these limitations. The European Central Bank (ECB) is considering the introduction of a public digital euro – a digital form of central bank money that is to promote financial inclusion and be available to the citizens as a digital and secure means of payment. Still, even if this were to be decided in 2021, according to the assessment by the ECB's director Fabio Panetta as well such a currency would hardly be a reality until 2026 , especially since it is not yet known whether the digital euro will have the characteristics necessary for IoT business models. Given the growth of the IoT, this will be too late and too uncertain.

The solution to this dilemma lies with private initiatives. It is already possible to connect the SEPA system with an application based on distributed ledger technology (DLT) via a technical bridge solution. This method can be used, for example, to implement pay-per-use solutions: payments are triggered via the SEPA system and programmable payments can be mapped on a DLT. However, this so-called trigger solution does not eliminate the limitations of SEPA because a human authorisation is still needed. The machine or IoT device cannot bill itself. The system break in payment processing can be avoided if a digital means of payment is issued and processed directly on a DLT, instead of using conventional payments. 

A DLT-based digital currency does not necessarily have to be issued by a central bank. Banks or financial institutions can also create solutions for so-called programmable payments. One example are euro-based stablecoins – digital tokens backed by a specific monetary value. At present, there is still no regulatory basis for euro stablecoins and they have a high counterparty risk. However, with the planned EU directive "Markets in Crypto-assets" (MiCA) this is likely to change and stablecoins will become tokenized e-money. An alternative is tokenized scriptural money that financial institutions could issue. Unlike the stablecoin, it would have the advantage of not having to be 100 percent covered. Nevertheless, according to the current rules, such a currency would not be multi-bank capable and would thus entail very significant restrictions.

In whichever form this happens, the digital currency will become reality. This is the only way for the German industry to fully benefit from the potential of the IoT. Even more far-reaching automation in goods logistics or increasingly popular asset-as-a-service models are hardly conceivable in the long term without fully autonomous payments in real time. Details on the use cases and further details on the design of digital currencies can be found in the joint white paper "The future of payments: programmable payments in the IoT sector", which was written by PPI together with the partners Cash on Ledger, Digital Euro Association and Frankfurt School Blockchain Center. For a free download click here.

Authors: Anja Kamping, Philipp Schröder

Read more

EBICS key: how long is the key to success?

On 21 April 2021, an EBICS manufacturer workshop of the German Banking Industry Committee (DK) took place. In terms of content, the core adjustments to EBICS coming with version 3.0.1 were presented. However, much more interesting for me are the cryptographic adjustments presented at the same time, which will become mandatory for EBICS customer systems in November 2021. EBICS uses 3 RSA key pairs for communication: one pair for authorisation signatures, one pair for authentication of the EBICS fragment, and one pair for encryption/decryption of messages.

For EBICS V2.5, this adjustment means that authorisation signatures (A keys) must have at least a 2048-bit key length. For authentication (X keys) and encryption (E keys), a compromise of at least 1984 bits was decided. The reason for this is probably that Seccos smartcards with keys of this length still exist in the market. The so-called DS key of these Seccos cards has a 2048-bit key length and is located in the special area of the card chip protected by an alternative PIN. 

In addition, it was again confirmed to all participants that with the use of EBICS 3.0.1, all keys used for authentication (X00x), encryption (E00x) and authorisation signature (A00x) may no longer be shorter than 2048 bits.

For the customer product manufacturers, this means that a key extension process must start in the foreseeable future so that all customers can easily and simply switch to the new EBICS 3.0.1 version as of November. If this does not happen, a switch to EBICS 3.0.1 is not possible with the existing – too short – keys.

Customer products that do not offer key changes fall behind here; their users then have to generate new, longer keys in a time-consuming and complicated process, then have their access reset at the financial institution and then resubmit the keys and the INI letter to their financial institution. After that, it is a matter of waiting until the EBICS access is activated again.

EBICS customer products which offer their customers a key change still have to deal with the challenge that with EBICS 3.0.1, only X509 certificates may be used in EBICS communication. The customer products use completely new internal processes for this. The implementation must therefore be well planned and will generally not be easy. However, TRAVIC-EBICS-Kernel by PPI AG helps by providing the necessary functions for an easy switchover. It would be advisable to change from the previous key format (RDH2) to the PKCS#12 format (p12 file) for key files in the course of this.

A challenge arises for smartcards, because they often do not have the necessary key lengths and may have to be replaced, if this is possible at all. 

In conclusion: 

It is time to address the users of EBICS who use short keys so that they can update their keys in good time before the switch to EBICS 3.0.1 or before November 2021, generate their new keys and ideally submit them to their financial institution signed with the previous keys. Users who do not want to communicate with the key requirements applicable from November 2021 would face a fatal dysfunctionality of the EBICS access.

Author: Michael Schunk

Read more

Is the perfect wave coming?

When it comes to outsourcing in payments, I am currently somewhat reminded of a surfing competition in which the participants keep paddling around in vain, looking for the right wave. The calm seas are partly due to many financial institutions that regard payments as their core business and shy away from outsourcing at the centre of their own business activities. On the other hand, the supply side of appropriate services has been limited so far - so no dice there either. Equens Worldline is currently the only company to offer complete business process outsourcing (BPO) in payments. The banking operations centre BCB, a subsidiary of Deutsche Bank, is in the process of withdrawing from the market.

Regulation compels changes

But now the surf – i.e. the market – is starting to stir. For one, there is the pressure to change. Due to regulation and technical requirements, it has become immense. New requirements by the regulatory authorities are almost constantly rolling in towards financial service providers. Implementing them keeps the IT departments permanently on their toes, especially since they result in no small tasks. Most new regulations entail the same effort on the IT side as the implementation of a new SEPA standard, for example. The core business suffers from this, especially since IT experts are not exactly available in abundance, so staff increases are only possible to a very limited extent.

Technical requirements exceed current system capabilities

This shortage on the personnel market also indirectly plays a role in the second cause of the need for change: the technical pressure. The demands on banking IT have changed fundamentally. What is now in demand is 24/7 service and, above all, real-time capability. This "instant" phenomenon of needing to execute and track payments immediately and instantly presents banking IT infrastructures with huge challenges. Depending on which legacy systems are still working and which head monopolies possess the relevant knowledge, a technical outsourcing solution can become more and more economically appealing – and other trends are moving towards outsourcing, as well.

Technological leaps boost supply

The supply side is also making waves in the market water. Platform solutions in particular, but also connectivity technologies, have made such leaps in recent years that a number of providers are entering the market surrounding payments outsourcing. As a rule, these are specialised service providers, for example software providers like us at PPI for technical outsourcing or financial service providers like Broadridge for a complete BPO. The latter, for example, rely on their appropriate experience in the securities business. 

Regulatory authorities discover service providers

Experience and know-how are important because supervisors are also tightening the reins on external service providers for payments of financial institutions. Due to national and European regulations that have already come into force or are in the planning stage, financial institutions are forced to expand the circle of service providers to be supervised, to watch them closely in the future and to check to what extent the partner can actually guarantee their services. This goes as far as direct provisions for contract creation. Providers of outsourcing solutions could soon receive a visit from the authorities, too. In the future, the latter may want to check to what extent the companies also comply with the regulations that apply to financial institutions and whether they are in a position to fulfil their reliability assurances.

Who will ride the wave?

We hear that the first banks have already taken advantage of the stronger surf to ride the wave towards outsourcing. Others have already set foot on the board, at least to stay in the picture. Even if many of the industry's big players tend to forego riding the outsourcing wave and many public or cooperative players have already hopped aboard with their associated data centres anyway, the call of the outsourcing surf grows louder and louder. Who will answer it?

Yours,
Hubertus von Poser

Read more

Payments by card: specificities of the French market

The electronic payments ecosystem in France is made up of a wide range of players (banks, cardholders, merchants, laboratories, manufacturers, issuers, processors, card networks, regulators) with a specific payment system based on EMV (Standard Europay Mastercard Visa) technology. The multilateral cooperation agreement signed between the members allows users to access all the approved facilities (EPTs, ATMs, etc.) of the payments system members.

In France, bank card payments are transmitted to the authorisation systems via the CB, Visa or Mastercard card networks; cleared by the CORE clearing system of the French STET initiative, then settled by the settlement service of the Banque de France / European Central Bank / Bank for International Settlements. Some operations can be carried out via the domestic CB network (if the French cardholder carries out transactions in France), or via the international Visa or Mastercard networks (for international payments or for French bank cards that do not have the CB application).

 

In France, a distinction is made between immediate debit cards and credit cards (deferred debit). Somecards have systematic authorisation (online), others are offline. A French card co-branded Visa or Mastercard is accepted all over the world. Foreign bank cards co-branded with Visa or Mastercard are also accepted in France due to the principle of interoperability or agreement between the financial institutions. However, before June 9, 2016, when a French customer paid with their CB bank card supported by Visa or Mastercard, the electronic payment terminal (EPT) automatically selected the domestic network (CB). But since that date and to present day, the cardholder now has the option to choose between CB, Visa and Mastercard (European Regulation 2015/751).

The issues concerning bank card payments are expressed through several challenges (structural, organisational, technological and regulatory (1) ) that are imposed on the players, forcing them to review their organisational structures and chains of operations to make them compliant with European regulations. These challenges have led to a broadening of the scope of electronic banking and the emergence of new forms of banking activities. The bank card can now be used to carry out several types of transactions with varying levels of security: mobile payments (NFC / QR code), contactless proximity, biometric (facial recognition / fingerprint), etc.

In 2019, 54 million debit cards and 39.3 million credit and payment cards were issued, of which CB cards accounted for 27.5 million, or 70% (France Cards & Payments: Opportunities and Risks to 2024 p. 33; 52; 60). According to the same source, 77% of cards in circulation in the French market are co-branded and only 23% are purely international network cards. The top five financial institutions accounted for 86% of transaction value in 2019 (France Cards & Payments: Opportunities and Risks to 2024). In 2018, there were more than 1.8 million electronic payment terminals and almost 55 thousand ATMs in France (Statista, 2021).

Although card payments are still the most widely used payment method in France (2)  and will continue to grow in the years to come, PSD2-related regulations have created a technological and strategic revolution that will allow the various players (new entrants, financial institutions, etc.) to free themselves from the interbank networks and offer innovative services at lower cost. In fact, they will rely on the Internet infrastructure and not on private structures. Based on these new operational models, these new services (mobile payments in proximity, P2P (peer-to-peer), etc.) are developing to serve new use cases with a new user experience (Payments Cards and Mobile, 2021). The ISO 20022-based Request to Pay complements these payment methods as a powerful end-to-end payment tool offering an opportunity for new services and bringing more value to customers.

The proliferation of multiple channels and the increasing dematerialisation of payments could open up new opportunities for acquiring with increased competition on the acquirer side, which will undoubtedly lead to lower fees and better service. All of this will be closely linked to the ability of the solutions to operate together, because it is in the merchant's interest to have as many payment methods as possible on the same device at the lowest cost, so as to optimise the possibility of offering the customers their preferred payment solution.

 

Author: Tite-Voltaire Soupene

(1) Strong authentication (PSD2 Directive, 2018); Card payments (PCI DSS); Interchange fees (EU Regulation 2015/751). 

(2) In 2019, more than half the French population, i.e. 58,6 %, preferred to pay via bank card. (Statista, 2021)

Read more