Our money must go digital

 

Imagine the following scenario for the future: a company runs out of certain material, which is only available from a supplier abroad. At the latest 24 hours later, supplies of the material must arrive, otherwise the production will be stopped. This issue is detected by a computer system. It orders new goods completely autonomously from the supplier's system, where they are immediately sent on their way, also completely automatically. Customs declaration, transport organisation, etc. – all of this is taken care of without human intervention. At customs, a computer scans the goods, concludes that everything is in order using specified parameters and requests the customs duties from the ordering computer system. The computer system would execute the payment immediately – but it can't, at least not at the moment. Finally, a person must authorise the payment and, usually, it takes at least one banking day for the customs to register the receipt of the funds.

This example illustrates the limitations of our current payment system: relatively long waiting times, complicated authorisation procedures and a lack of delivery-versus-payment functionalities. While this may have been acceptable in the past, it poses serious problems for the future. Because the future belongs – among other things – to the Internet of Things (IoT). By 2025, an estimated 75 billion devices will be linked via networks.  The potential for new business models is huge, from automatic customs clearance without human intervention, or rental charges for agricultural machinery billed according to the actual payload, to the self-ordering refrigerator.

However, many of these business models will be hard to realise if the current limits of payment systems remain. Digital currencies can lay the foundation for automation and overcome these limitations. The European Central Bank (ECB) is considering the introduction of a public digital euro – a digital form of central bank money that is to promote financial inclusion and be available to the citizens as a digital and secure means of payment. Still, even if this were to be decided in 2021, according to the assessment by the ECB's director Fabio Panetta as well such a currency would hardly be a reality until 2026 , especially since it is not yet known whether the digital euro will have the characteristics necessary for IoT business models. Given the growth of the IoT, this will be too late and too uncertain.

The solution to this dilemma lies with private initiatives. It is already possible to connect the SEPA system with an application based on distributed ledger technology (DLT) via a technical bridge solution. This method can be used, for example, to implement pay-per-use solutions: payments are triggered via the SEPA system and programmable payments can be mapped on a DLT. However, this so-called trigger solution does not eliminate the limitations of SEPA because a human authorisation is still needed. The machine or IoT device cannot bill itself. The system break in payment processing can be avoided if a digital means of payment is issued and processed directly on a DLT, instead of using conventional payments. 

A DLT-based digital currency does not necessarily have to be issued by a central bank. Banks or financial institutions can also create solutions for so-called programmable payments. One example are euro-based stablecoins – digital tokens backed by a specific monetary value. At present, there is still no regulatory basis for euro stablecoins and they have a high counterparty risk. However, with the planned EU directive "Markets in Crypto-assets" (MiCA) this is likely to change and stablecoins will become tokenized e-money. An alternative is tokenized scriptural money that financial institutions could issue. Unlike the stablecoin, it would have the advantage of not having to be 100 percent covered. Nevertheless, according to the current rules, such a currency would not be multi-bank capable and would thus entail very significant restrictions.

In whichever form this happens, the digital currency will become reality. This is the only way for the German industry to fully benefit from the potential of the IoT. Even more far-reaching automation in goods logistics or increasingly popular asset-as-a-service models are hardly conceivable in the long term without fully autonomous payments in real time. Details on the use cases and further details on the design of digital currencies can be found in the joint white paper "The future of payments: programmable payments in the IoT sector", which was written by PPI together with the partners Cash on Ledger, Digital Euro Association and Frankfurt School Blockchain Center. For a free download click here.

Authors: Anja Kamping, Philipp Schröder


EBICS key: how long is the key to success?

On 21 April 2021, an EBICS manufacturer workshop of the German Banking Industry Committee (DK) took place. In terms of content, the core adjustments to EBICS coming with version 3.0.1 were presented. However, much more interesting for me are the cryptographic adjustments presented at the same time, which will become mandatory for EBICS customer systems in November 2021. EBICS uses 3 RSA key pairs for communication: one pair for authorisation signatures, one pair for authentication of the EBICS fragment, and one pair for encryption/decryption of messages.

For EBICS V2.5, this adjustment means that authorisation signatures (A keys) must have at least a 2048-bit key length. For authentication (X keys) and encryption (E keys), a compromise of at least 1984 bits was decided. The reason for this is probably that Seccos smartcards with keys of this length still exist in the market. The so-called DS key of these Seccos cards has a 2048-bit key length and is located in the special area of the card chip protected by an alternative PIN. 

In addition, it was again confirmed to all participants that with the use of EBICS 3.0.1, all keys used for authentication (X00x), encryption (E00x) and authorisation signature (A00x) may no longer be shorter than 2048 bits.

For the customer product manufacturers, this means that a key extension process must start in the foreseeable future so that all customers can easily and simply switch to the new EBICS 3.0.1 version as of November. If this does not happen, a switch to EBICS 3.0.1 is not possible with the existing – too short – keys.

Customer products that do not offer key changes fall behind here; their users then have to generate new, longer keys in a time-consuming and complicated process, then have their access reset at the financial institution and then resubmit the keys and the INI letter to their financial institution. After that, it is a matter of waiting until the EBICS access is activated again.

EBICS customer products which offer their customers a key change still have to deal with the challenge that with EBICS 3.0.1, only X509 certificates may be used in EBICS communication. The customer products use completely new internal processes for this. The implementation must therefore be well planned and will generally not be easy. However, TRAVIC-EBICS-Kernel by PPI AG helps by providing the necessary functions for an easy switchover. It would be advisable to change from the previous key format (RDH2) to the PKCS#12 format (p12 file) for key files in the course of this.

A challenge arises for smartcards, because they often do not have the necessary key lengths and may have to be replaced, if this is possible at all. 


In conclusion: 

It is time to address the users of EBICS who use short keys so that they can update their keys in good time before the switch to EBICS 3.0.1 or before November 2021, generate their new keys and ideally submit them to their financial institution signed with the previous keys. Users who do not want to communicate with the key requirements applicable from November 2021 would face a fatal dysfunctionality of the EBICS access.

Author: Michael Schunk


Is the perfect wave coming?

When it comes to outsourcing in payments, I am currently somewhat reminded of a surfing competition in which the participants keep paddling around in vain, looking for the right wave. The calm seas are partly due to many financial institutions that regard payments as their core business and shy away from outsourcing at the centre of their own business activities. On the other hand, the supply side of appropriate services has been limited so far - so no dice there either. Equens Worldline is currently the only company to offer complete business process outsourcing (BPO) in payments. The banking operations centre BCB, a subsidiary of Deutsche Bank, is in the process of withdrawing from the market.

Regulation compels changes

But now the surf – i.e. the market – is starting to stir. For one, there is the pressure to change. Due to regulation and technical requirements, it has become immense. New requirements by the regulatory authorities are almost constantly rolling in towards financial service providers. Implementing them keeps the IT departments permanently on their toes, especially since they result in no small tasks. Most new regulations entail the same effort on the IT side as the implementation of a new SEPA standard, for example. The core business suffers from this, especially since IT experts are not exactly available in abundance, so staff increases are only possible to a very limited extent.

Technical requirements exceed current system capabilities

This shortage on the personnel market also indirectly plays a role in the second cause of the need for change: the technical pressure. The demands on banking IT have changed fundamentally. What is now in demand is 24/7 service and, above all, real-time capability. This "instant" phenomenon of needing to execute and track payments immediately and instantly presents banking IT infrastructures with huge challenges. Depending on which legacy systems are still working and which head monopolies possess the relevant knowledge, a technical outsourcing solution can become more and more economically appealing – and other trends are moving towards outsourcing, as well.

Technological leaps boost supply

The supply side is also making waves in the market water. Platform solutions in particular, but also connectivity technologies, have made such leaps in recent years that a number of providers are entering the market surrounding payments outsourcing. As a rule, these are specialised service providers, for example software providers like us at PPI for technical outsourcing or financial service providers like Broadridge for a complete BPO. The latter, for example, rely on their appropriate experience in the securities business. 

Regulatory authorities discover service providers

Experience and know-how are important because supervisors are also tightening the reins on external service providers for payments of financial institutions. Due to national and European regulations that have already come into force or are in the planning stage, financial institutions are forced to expand the circle of service providers to be supervised, to watch them closely in the future and to check to what extent the partner can actually guarantee their services. This goes as far as direct provisions for contract creation. Providers of outsourcing solutions could soon receive a visit from the authorities, too. In the future, the latter may want to check to what extent the companies also comply with the regulations that apply to financial institutions and whether they are in a position to fulfil their reliability assurances.

Who will ride the wave?

We hear that the first banks have already taken advantage of the stronger surf to ride the wave towards outsourcing. Others have already set foot on the board, at least to stay in the picture. Even if many of the industry's big players tend to forego riding the outsourcing wave and many public or cooperative players have already hopped aboard with their associated data centres anyway, the call of the outsourcing surf grows louder and louder. Who will answer it?

Yours,
Hubertus von Poser

Payments by card: specificities of the French market

The electronic payments ecosystem in France is made up of a wide range of players (banks, cardholders, merchants, laboratories, manufacturers, issuers, processors, card networks, regulators) with a specific payment system based on EMV (Standard Europay Mastercard Visa) technology. The multilateral cooperation agreement signed between the members allows users to access all the approved facilities (EPTs, ATMs, etc.) of the payments system members.

In France, bank card payments are transmitted to the authorisation systems via the CB, Visa or Mastercard card networks; cleared by the CORE clearing system of the French STET initiative, then settled by the settlement service of the Banque de France / European Central Bank / Bank for International Settlements. Some operations can be carried out via the domestic CB network (if the French cardholder carries out transactions in France), or via the international Visa or Mastercard networks (for international payments or for French bank cards that do not have the CB application).

 


In France, a distinction is made between immediate debit cards and credit cards (deferred debit). Somecards have systematic authorisation (online), others are offline. A French card co-branded Visa or Mastercard is accepted all over the world. Foreign bank cards co-branded with Visa or Mastercard are also accepted in France due to the principle of interoperability or agreement between the financial institutions. However, before June 9, 2016, when a French customer paid with their CB bank card supported by Visa or Mastercard, the electronic payment terminal (EPT) automatically selected the domestic network (CB). But since that date and to present day, the cardholder now has the option to choose between CB, Visa and Mastercard (European Regulation 2015/751).

The issues concerning bank card payments are expressed through several challenges (structural, organisational, technological and regulatory (1) ) that are imposed on the players, forcing them to review their organisational structures and chains of operations to make them compliant with European regulations. These challenges have led to a broadening of the scope of electronic banking and the emergence of new forms of banking activities. The bank card can now be used to carry out several types of transactions with varying levels of security: mobile payments (NFC / QR code), contactless proximity, biometric (facial recognition / fingerprint), etc.

In 2019, 54 million debit cards and 39.3 million credit and payment cards were issued, of which CB cards accounted for 27.5 million, or 70% (France Cards & Payments: Opportunities and Risks to 2024 p. 33; 52; 60). According to the same source, 77% of cards in circulation in the French market are co-branded and only 23% are purely international network cards. The top five financial institutions accounted for 86% of transaction value in 2019 (France Cards & Payments: Opportunities and Risks to 2024). In 2018, there were more than 1.8 million electronic payment terminals and almost 55 million ATMs in France (Statista, 2021).

Although card payments are still the most widely used payment method in France (2)  and will continue to grow in the years to come, PSD2-related regulations have created a technological and strategic revolution that will allow the various players (new entrants, financial institutions, etc.) to free themselves from the interbank networks and offer innovative services at lower cost. In fact, they will rely on the Internet infrastructure and not on private structures. Based on these new operational models, these new services (mobile payments in proximity, P2P (peer-to-peer), etc.) are developing to serve new use cases with a new user experience (Payments Cards and Mobile, 2021). The ISO 20022-based Request to Pay complements these payment methods as a powerful end-to-end payment tool offering an opportunity for new services and bringing more value to customers.

The proliferation of multiple channels and the increasing dematerialisation of payments could open up new opportunities for acquiring with increased competition on the acquirer side, which will undoubtedly lead to lower fees and better service. All of this will be closely linked to the ability of the solutions to operate together, because it is in the merchant's interest to have as many payment methods as possible on the same device at the lowest cost, so as to optimise the possibility of offering the customers their preferred payment solution.

 

Author: Tite-Voltaire Soupene

(1) Strong authentication (PSD2 Directive, 2018); Card payments (PCI DSS); Interchange fees (EU Regulation 2015/751). 
(2) In 2019, more than half the French population, i.e. 58,6 %, preferred to pay via bank card. (Statista, 2021)

Ready for the digital euro?

It is intended to supplement cash and be accessible to the population and businesses: the new, digital central bank currency for the euro area or better known as the digital euro. After the first episode of our blog was dedicated to the presentation of the Central Bank Digital Currency (CBDC), in this article we look at possible implications: what are the requirements for the "digital euro" project? What do to financial institutions and financial services providers have to prepare for if the ECB makes this concept a reality?

The ECB, for its part, has already formulated fundamental requirements in its Report on a digital euro. From it, the first trends for the payments and banking sector can be deduced.

  • Matching the standard: The provision and processing of the digital euro should be compatible with the existing payment infrastructure – that is, with private payment applications that fit the SEPA and TARGET system.
  • Central or decentralised? That is the question: Whether the output and processing is to be realised via a central or decentralised infrastructure (for example, using distributed ledger technology) is still to be decided.
  • Security is a must: The fail-safe operation of the processing systems has the highest priority. Services must also be able to withstand cyber attacks.
  • Broad acceptance: The digital currency is to be available throughout the euro area, potentially also outside Europe.
  • Easier access to means of payment: The digital euro is intended to promote financial inclusion and is also intended for those EU citizens who do not have access to a bank account.
  • Right approach to customers: Intermediaries, such as financial institutions, should use their expertise to provide their customers with access to the digital euro and to provide additional services regarding the digital euro.
  • Complies with the regulations: Compliance and regulatory aspects must be fulfilled. This ranges from anti-money laundering (AML) to the Payment Services Directive 2 (PSD2).
  • User-friendly: Whether via an app or an additional device: for citizens, the digital euro must be easy to understand and intuitive to use. Of course, the digital euro is meant to protect the privacy and not create additional fees. The new means of payment will be used both at the point of sale and for payments on the Internet.

Big agenda without big bang

The requirements make it clear that this is a major joint project between financial institutions, other payment institutions and the ECB, which cannot be implemented in a big bang but must be realised in a long-term, step-by-step process. Nevertheless, a strategic preparation is key. Thus, a number of questions must be answered. If the ECB were to decide on a decentralised infrastructure, how would it be mapped? Can the existing infrastructure be used or are technical preparations necessary? Is a completely new infrastructure needed? Financial institutions should also analyse whether their payment systems are at the necessary maturity level for the settlement of digital central bank funds. If not, it may be necessary to take corrective action. This also applies to the required user interfaces that are necessary so that private consumers and corporate customers can use the digital euro. In addition, the decision-makers should think about the processes and design of these interfaces. It is best to keep in mind the ECB's goal of making the digital euro as easy-to-use as possible for the end consumer. Considerations are also useful for the design of the payment process in off- and online retail. An interesting question here is how the digital euro can be used offline? Last but not least, it is important to consider whether the digital euro can open up new business models. It is certainly beneficial to have a plan ready when the ECB gives the go-ahead.


Author: Anja Kamping

Time of upheaval

Postponed is not cancelled: the change to ISO 20022-compliant data formats in payments is coming – albeit a year later. And it brings with it further changes, not least for SWIFT. The planned transaction management platform (TMP) is intended to make international payment flows more transparent and faster. However, are these central systems secure enough? And are there alternatives? 

Central data platform as a development goal

Payment systems are at the heart of the financial infrastructure. A breakdown like the one that occurred for TARGET2 last year weighs heavily and understandably caused backlash. The postponement of the change to ISO 20022-compliant XML data formats in European payments is not related to this, but of course gives the financial institutions time leeway. They may need this time because the format change also set other things in motion. With the TMP, SWIFT has announced the establishment of a central data platform for international payments based on the XML standard. 

By storing all transaction data centrally, all parties involved in the process can access the data at any time. For SWIFT, this is a paradigm shift, away from a mere information broker to a fully-fledged payment logistics provider. The platform solution offers several benefits:

  • Reduction of interfaces
  • No data loss between the individual stations
  • High transparency for all parties involved
  • Higher manipulation security
  • More service offerings

No introduction without risks

However, the introduction of the TMP bears some risks. First, there is a possible breakdown of the SWIFT network. With the central TMP, in extreme cases all orders of a certain time period were lost. Financial institutions' concerns about implementing a single point of failure cannot be completely dismissed. Regarding the confidentiality of the data, it must be taken into account that the United States already demanded direct access rights to the data stock of the SWIFT US data centre. In response, SWIFT set up a location in Switzerland, among other places.

Are there alternatives to SWIFT?

In principle, yes – but the choice is limited: potential candidates are Internet payment networks such as Ripple. The first major financial institutions are already using the system in a test run. Central bank digital currencies are not yet ready for the market, but they will definitely present a possible alternative in the future. The e-renminbi is already in the trial phase in some Chinese provinces and the Swedish e-krona has recently started a test run. The ECB is likely to follow suit with the digital euro.

Cross-border real-time gross settlement systems (RTGS) are also worth considering. However, not many of these exist or, like SEPA, they are fixed on a single currency. Finally, there are special cooperation schemes that are set up as alternatives to SWIFT, such as the Instrument in Support of Trade Exchanges (INSTEX). This European system was created specifically for the trade with Iran. China has taken a similar path with CIPS. Visa B2B Connect works in a completely different way but is in principle also based on the cooperation of the participating financial institutions. In Europe, the service is currently available in selected countries.

Still, even a solution from SWIFT that uses one of the rare alternatives does not exempt financial institutions from the obligation to change to ISO 20022-compliant XML data formats. At the same time, it is advisable for financial institutions to take a close look at and question the changes in cross-border payments that are pending because of TMP. In the roadmap toward ISO 20022, some time has been gained by postponing the go-live date – this time should now be used wisely!

Authors: Sabine Aigner, Thomas Ambühler

Uninterrupted payments – who doesn't want that?

Some software systems are so critical that the absolutely highest demands on their availability must be met. Admittedly, in the financial sector, the matter is not one of life or death. But the requirements for real-time payments or authorisation processes are constantly increasing and maintenance windows in particular are no longer acceptable. And rightly so: if a maintenance window causes you to get the account statement an hour later or the portal is not accessible for an hour, it may be annoying but not too much of a loss. However, if the bank customer suddenly can no longer pay at the point of sale or cannot authorise a payment in real time, the unavailability becomes extremely relevant.

Therefore, after the authorisation process for card payments, the introduction of instant payments in Europe has made real-time credit transfers an application field for interruption-free systems as well.
Let us first discuss freedom from interruptions. Uninterrupted operation is defined by two different characteristics:

  1. Avoidance of planned unavailability
    The system is permanently operational during normal operation. It has no periodic times of limited functionality such as end of day or reorganisation.
    The system is designed so that even release changes can be carried out during operation without causing downtime.
  2. Reduction of unplanned unavailability
    The system is highly available even in error scenarios. The probability of guaranteed operation is therefore high despite failure of individual components. This probability is calculated or measured as the ratio of production time to runtime, i.e. the time including the downtime, for example 99.99 percent.
    Robustness in overload scenarios is of particular interest here. Although every system has its limits, it does make a difference whether everything collapses beyond the load limit or whether only the additional load cannot be processed as per specifications.

The enthusiasm for the topic usually drops considerably when looking at the costs. It is therefore worthwhile to find architectural solutions and not just shift everything onto the infrastructure. However, even the best software will only work if the system environment is available. I won't to go into more detail on high-availability infrastructure, operating systems, database systems and message brokers – all of which are prerequisites for an uninterrupted overall system. Instead I would like to focus on the software architecture. This can enable the targeted implementation of availability requirements while keeping costs under control.

Since high availability is expensive, the critical processes must first be identified. Therefore we must answer the question which processes must really work all the time and which can be made up for later. In real-time payments, for example, bulk processes are less critical than individual payments.

If large components fall under the critical processes, it should be analysed whether they can be bridged. Can an alternate component replace the critical tasks of a large non-highly available component for the downtime period? In payments, for example, the booking system can be such a large, non-highly available system and the online balance check can be the critical process that must be bridged.

Of course, payments processing as a whole does not work without statuses: unfortunately, money can only be spent once, so the account balance is a relevant status and a banking software must of course be able to accurately reflect this. In our case, this always leads to the use of databases and the need for persistence before and after each relevant status change. It is the design of the database model that determines whether or not we achieve our goal. Highly available processes should work with stable and/or migration-free data structures. This is the only way to avoid the need to shut down critical processes to change the database schema.

The remaining topic is robustness. Science also refers to resilience when describing that disruptions or partial failures of technical systems do not lead to complete failure. In payments, such disruptions can be peaks in the load above agreed limits or surrounding systems that do not respond as quickly as agreed. Downtime of business partner systems and missing acknowledgements of large amounts can also cause failures. In reactive programming, we have found a paradigm that allows for the desired robustness through orientation based on data flows. An overload can thus be encapsulated within affected areas and nothing stands in the way of uninterrupted operation for the remaining data – in our case payments.


Author: Thomas Riedel

The European retail payments strategy – a small reminder of what’s to come

Most of us should have heard it: those interested in payments were not able to miss the European retail payments strategy (RPS) that the EU Commission published on 24/09/2020 and that details the framework conditions for the future orientation of payments in Europe. The paper is worth a read and contains specific recommendations for action and ideas. Of course, a strategy is not yet a law. It is not yet a matter of concrete regulations or implementation dates. However, one can predict which changes will become relevant for payments sooner or later. Specifically, it is about the next 2-4 years.
The retail payments strategy comprises four pillars with 17 measures:

The first pillar deals with digital and instant payment procedures. Here, one aspect is of particular importance. If the circulation of instant payments (SCT Inst) is not sufficient across Europe by the end of 2021 (which is the current trend), there will be a legal obligation to provide and accept SCT Inst. However, the EU Commission would like to see an "SCT Inst return option" to give consumers similar rights to a credit card payment (chargeback) when they make a transfer. There will also be a European standard for the use and acceptance of payments by means of QR code, and a digital identity will be promoted. The acceptance of cashless payments is also to be expanded.

The second pillar is about an innovative and competitive payment market. Here, an important aspect that needs to be mentioned is the PSD2. Two years after the last amendments came into force, the hoped-for success is not yet fully visible. Various interpretations form a multitude of obstacles that also exist within individual countries. A review of the current implementation is planned by the end of 2021. The results and experiences are to be incorporated into a proposal for an open banking framework by mid-2022. Whether this will then be called PSD3 or given another name will not be decisive.

The third pillar is about efficient and interoperable payment systems. Here, the focus is on the technical infrastructure that should be available across Europe. Cross-border European payments, including from member states with different national currencies, should be possible in real time.

The fourth pillar comprises efficient international payments. Efficient payments include the traceability of payments that is already being implemented with SWIFT gpi. The use of standardised and modern formats also contributes to this and is already being promoted by the worldwide transition to ISO 20022. Payments to third countries should generally be made faster and more comfortable.

It remains exciting to see which concrete measures will follow. We all know that regulation can never keep up with market developments. When the PSD2 was adopted, for example, hardly anyone had any idea of the diversity that biometrics, voice assistants and paying items (rings, watches, bracelets) would already occupy in everyday life. The legislator can only control the market by means of framework conditions. The retail payments strategy does present some interesting framework conditions, more on its content will follow soon.

The original EU retail payments strategy can be found here:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52020DC0592

Author: Swaantje Anneke Völkel

The digital euro should be like cash: secure and anonymous

Why do consumers use notes and coins to pay? Cash primarily ensures anonymity and privacy during the payment process. In Germany in particular, cash is of great importance as a means of payment, not least because of these core characteristics. However, the corona virus crisis has led to a shift in payment habits: contactless payments are experiencing a real boom. In its latest publication "Report on a digital euro" the ECB emphasized that although cash is, in Germany, still the most widely used means of payment, there is a clear trend towards more use of digital and innovative forms of payment. This change in payment behaviour can be seen not only in Germany, but across Europe. 

Digitisation needs digital money

The euro area must be prepared for the future and be able to react to short-term changes. The introduction of a “central bank digital currency” (CBDC) could be an important stepping stone to take digitisation and innovation in the European society to a new level. The ECB defines this digital euro as an electronic representation of central bank money that is to be made available to both citizens and businesses. Cash is supplemented by the CBDC as a further means of payment.

The design is still to be specified

The ECB has not yet decided on the design. In addition to considering which models are possible, the ECB has defined its (key) requirements for such a CBDC in the above-mentioned report. In the report, the ECB describes the conditions under which the introduction of a digital euro is necessary and the possible approaches to its design.

Feedback wanted

Broad acceptance of the digital euro is essential. In order to assess how the CBDC should be designed and which use cases are best suited, the ECB has sought public opinion on a digital central bank currency in Europe through an online consultation. Citizens, institutions and experts had the opportunity to submit their views and proposals for solutions. The feedback was enormous and shows the great interest in the topic: more than 8,000 responses were received by the ECB, and the first results have already been published. Accordingly, more than one in three of the participants demand a digital euro that protects the privacy of payment transactions. There is also a strong desire for security and a pan-European reach in a CBDC. It should therefore reflect the core characteristics of cash payments.

Decision by mid-year

Further results of the survey will follow in spring. On their basis and the results from the previous internal investigation phase, the ECB intends to make decisions by 2021 on the start of the digital euro project.

In an online interview on "Reuters Next," ECB President Christine Lagarde said she expects the digital euro to be introduced in the coming years, therefore, the new currency could soon be a reality.

Further information:

European Central Bank: Report on a digital euro, Brussels, October 2020

European Central Bank: ECB digital euro consultation ends with record level of public feedback, 13/01/2021

Author: Anja Kamping

EBICS as a SaaS – EBICS in the cloud

Whether for financial institutions, corporate customers, payment service providers or Internet service providers: EBICS is used in all these areas in Europe today. Why is that? On one hand, EBICS is geared towards the mass payments that are common in corporate banking, and on the other hand, EBICS is established as an e-banking standard in Europe. 

 

I need EBICS connectivity – do I have to operate EBICS myself? 

 All the EBICS market participants have one thing in common: their core business is usually not primarily in the operation and handling of the EBICS communication, but, for example, in the supply and sale of banking products, payment services and in the Internet business. The communication needs to work, and you want to rely on a standard, so that you do not have to build and maintain your own connection solutions with each partner.  

In order to be able to concentrate fully on the core business, it might be interesting to think about the "software as a service" concept for all services related to EBICS. There are different approaches for the EBICS services to be operated in the cloud. Service users may be able to save a lot of money and thus benefit from greater flexibility because an EBICS solution can be introduced faster and can be expanded or reduced more easily.   

Financial institutions with a smaller number of potential EBICS customers in particular shy away from the high initial costs of installing and operating an EBICS bank server themselves. Is this effort and its cost worthwhile for the initial few, perhaps 50 – 100 corporate customers?

EBICS in the cloud

So why operate the service yourself? Why not hire a service provider who has been involved in the EBICS business from the very beginning and thus has mastered all its facets?
Buying a complete EBICS bank server as a service at low cost, that would be it. The best way to do this is to use a web-based corporate customer portal, so that customers can enjoy the new service quickly and without much effort. Both financial institutions and corporate customers can then use these services.

EBICS is not a service that is only about gaining a decisive advantage in competition with other financial institutions. Offering EBICS and the corresponding payment services is one of the "must-haves" of a financial institution. So why not share the initial cost with others and use a more cost-effective service in the cloud?

EBICS in the cloud: perhaps a worthwhile course of action. Right?

Author: Michael Lembcke

Request to Pay – easy thanks to EBICS

Appealing to consumers, and an important addition to point-of-sale (POS) purchases from a business customer's perspective – such are the current reviews for Request to Pay (RTP). The new initiative for a uniform payment request (EPC014-20) in the European area has been defined by the European Payments Council (EPC) in June 2020.

With an RTP solution, customers can now pay for their purchases directly at their customer advisor without having to go to the cash register. The shopping experience will change significantly as a result. In online trading, RTP is a better payment option for the supplier than direct debit; after all, the latter may be revoked. With the credit transfer resulting from the RTP, additional fees, such as those for credit cards, PayPal and similar solutions, are eliminated. This also applies to the additional infrastructure costs of the processors.

Another advantage is that RTP can be used to transport all the information that the following credit transfer must contain from the payment recipient's perspective. The goal is to ensure a payment accounting that is as fully automated as possible. This is achieved by obliging each of the parties involved to forward the data once received to the next instance for further processing. However, in order for private consumers to be able to use this new idea across the board, appropriate mobile applications must first be created for debtors. This will undoubtedly happen – even though quite some time will likely pass until then.

At present, the EPC initiative is still unclear on how the promoted universal accessibility of the debtor can be implemented in a uniform manner. In this case, the basic concept that the RTP recipient can be addressed in any arbitrary way impedes rapid implementation. As is so often the case, the EPC is encouraging the new service providers to take the initiative here. But many questions remain unresolved. The specification leaves questions open and relies on solutions from future suppliers which do not yet exist.

This is precisely where financial institutions have the opportunity to take active action – now! The EBA has already made a proposal that is simple and fully functional for Europe and is implementing it in infrastructure solutions. The concept is simple and based on the SEPA clearing of the European Union. In the EBA's RTP network, the debtors are unambiguously identified with their IBAN. The EBA's payments clearing system can now be used to identify and reach each financial institution of the payer. This gives European financial institutions control over mass payments and provides them with a Europe-wide alternative to the many mobile but incompatible national payment procedures on offer, in particular PayPal.

If the payer's financial institution receives an RTP, it will notify the payer about the payment request via existing online banking channels. Ideally, this is done directly via the financial institution's associated app on a mobile device. The debtor can then pay for the product immediately. However, this still requires updates to the customer systems of companies and payers.

Just like in the B2C business, RTP can also be used in the B2B business. Especially since the introduction is much easier and faster than in the consumer business. With the EBICS protocol, a huge number of companies are already using a channel that can be easily extended for RTP. In many cases, a simple configuration adjustment in the form of new order types is enough. Thus, companies can now send a payment request to another company by submitting an RTP (pain.013) order. The latter also receives the payment request via EBICS. The target address is simply the IBAN, and the rest of the process is performed electronically across Europe – via the existing EBA networks as a central clearing platform. This means that, in principle, every company and every account holder in the SEPA area can be reached. 

The associated status return messages signal the invoice issuer in a short time whether the debtor rejects or accepts the sent RTP. In the latter case, the goods can be shipped. The payment does not always have to be initiated immediately; payments at a later date are also supported by the RTP specification. In the RTP process, two different ISO XML formats (pain.013.001.07, pain.014.001.07) are used. If necessary, a recall can also be implemented. Everything can be easily transported via EBICS.

For a convenient use of RTP, the EBICS customer systems and corporate customer portals can now implement the appropriate creation and upload functions and display the status return messages in their interfaces. If there is no response from the RTP recipient, the status can be actively requested at any time. Or a recall of the RTP can be initiated (pain.056).

As existing SEPA credit transfers or instant payments can be used in the process, payments and incoming messages for accounts within the span of seconds become possible. The advantage of an RTP over a direct debit is obvious: no complex mandates need to be created or stored. In addition, payments made in this way cannot be recalled per se. For the retailer, RTP thus reduces the risk of a direct debit revocation, which otherwise exists for a few weeks.

Now is the perfect time for companies to create the right conditions for RTP. In doing so, they will be ready when consumers can use the new payment format at any time and in any place in a mobile manner.

PPI will implement the conditions for a Europe-wide success of RTP in the TRAVIC products in 2021. TRAVIC-Port will enable the creation and upload of RTP, TRAVIC-Corporate will authorise the submitter and validate the RTP order, and TRAVIC-Payment Hub with TRAVIC-Interbank will support the transfer to the EBA network. Through RTP, financial institutions can at least partially regain their formerly central role in payments, which they have lost to alternative methods such as PayPal and others.

Author: Michael Schunk