Faster and easier – automation progress for setup of EBICS bank access

EBICS payments are becoming more and more widespread in Europe. Most recently, Austria has also committed to the secure standard for corporate payments. However, the highest level of security requires the compliance with the standard and a thorough verification when establishing the digital business relationship. During the first initialisation of the EBICS bank accesses, a few steps define the process: the EBICS client generates a user bank key during the initialisation of an EBICS bank access, which is then sent to the bank server. In addition, a letter signed by the user with the public bank key is sent to the financial institution for personal identification and verified there. If everything is correct, the financial institution releases the set-up bank account and sends the user a welcome letter containing a rather long hash value for comparison. The users enter their hash value manually in the configuration mask of the EBICS client.

 
Of course, a successful key activation requires that the hash value be typed without errors. The paper letter ensures "separate channels" of processes but is perceived by many users as very tedious and time-consuming. And the final activation process by the financial institution may take a few days before the user can finally use the EBICS bank access in the EBICS client.

Is it not possible to do this in a more easy and quick way to relieve the user? 

Financial institutions that operate corporate web-based applications can take advantage of the trust that is placed in them. They can store the hash values of the different EBICS banks that they already know in their web application and thus make them usable for all their customers. Unknown or incorrectly stored hash values are ignored and the activation of the user remains as it was. 

The manual entry of the hash values of each EBICS bank account by the user can thus be omitted. As soon as the users have initialised themselves at their bank accesses and have been activated by the financial institution, the hash values of the public EBICS bank keys are automatically downloaded and compared with the stored values in the background. If this check is successful, the assigned order types of the user can be automatically downloaded via HTD. The user can use the bank account immediately after downloading the order types. This saves time and is easy on the user's nerves by eliminating the need to enter the hash value, which can be up to 32 characters long.

All this was realised in TRAVIC-Port with the version 4.6 by PPI AG and is in use with the first operators.

As of version 4.6 of TRAVIC-Port, when using the additional licence the final steps in the initialisation process for hash value matching are automated.

The acceleration and simplification of these processes are well received by users. The initialised bank access continues to secure corporate payments with all the benefits of the EBICS standard. And for financial institutions this represents a further step in the acceleration of processes through automation in corporate payments.

Author: Christian Veith