SEPA 2.0 is in full swing – the migration to new format specifications is starting!

New format specifications of the German Banking Industry Committee (DK) have been in force since November 2021. The changes have not had too much impact on financial institutions and their customers so far. In November 2023, however, this will change abruptly!

The SEPA formats for credit transfers and direct debits are changing comprehensively and all payments processing service providers as well as their end customers must get ready and make preparations for those upcoming changes.
As SEPA 2.0 will de facto affect all components and all systems, dealing with the topic and all its dependencies at an early stage is of great importance for smooth processing and uninterrupted further processing of payments.

The EPC published implementation guidelines in June of this year, which, in addition to the corresponding specifications, provide further information about the anticipated changes. The use of structured address data is an essential topic of the upcoming adjustments. Whereas addresses could previously be submitted and processed unstructured by specifying the name and address, with SEPA 2.0 addresses must be specified in a structured manner. In future, there will be separate fields for the name, the street and house number, the postal code and the ISO country code. In addition to the use of structured address data, adjustments to individual fields, such as the batch booking flag, have far-reaching consequences. With the new default setting true of the batch booking flag, a batch booking will be executed in the future. Only if there is a corresponding agreement with the customer for single bookings, each transaction will be shown individually on the payer's (ordering party's) account statement if the value false is set. 

The upcoming changes will therefore not only have an impact on the payment file and payments systems themselves, but will also affect peripheral systems such as master data systems. Many banks that rely on converter solutions or older SEPA format versions now have the chance to take a holistic look at their systems and ensure smooth further processing of payments as part of a project. In this approach, it is advisable to make use of mapping tables, which make analyses, evaluations and implementation recommendations easier and more targeted. This way, separate rules and mechanisms can be established for each institution.

The TARGET2/T2S consolidation has already shown that the migration from the MT to the MX format should not be underestimated and that corresponding projects require more time than many institutions had thought. A postponement of the date by the ECB Governing Council suited many banks. However, postponement and new transition scenarios that go beyond the scenarios in the implementation guidelines should not be presumed for the migration to SEPA 2.0. Those who do not opt for an early start are accepting an enormous risk.

Author: Rebecca Stannull

Digitalisation in action – key exchange via INI letter procedure

Since the introduction of cryptographic keys in online banking, both for private and corporate customers, the process of exchanging the public keys of bank and user has always been a lengthy and complicated process. Admittedly, for the users it is particularly burdensome – and for the rest of humanity it is a riddle wrapped up in an enigma:

The INI letter procedure that has become established for key exchanges. In use for over 15 years, it is a reoccurring hindrance to the use of EBICS. Generating keys, sending them, then printing the INI letter on paper, signing it and handing it over to the financial institution is complicated and tedious for many. Processing at the financial institution itself, where an employee receives the INI letter, then calls up the corresponding customer contact in the EBICS system and compares the values of the electronic transfer with the values on the INI letter or even has to type them out digit by digit, is also time-consuming. Of course, the signature provided on the account sheet or contract must also be verified. It doesn't sound at all like the digitalisation that is supposed to accompany our business processes today.       

Simplifying the release of EBICS keys
Everything would be much easier if financial institutions were to detach the above process from their own employees, digitalise it completely and thus delegate it to the users themselves. The first step to be implemented is the unambiguous recognition of the respective user by exchanging a mutually agreed secret (e.g. TAN) or – if already available – an activated online session that ensures that the user is actually the right person. As a rule, this already applies to every registered online banking session. If we assume that after a successful key submission, the bank system can reach the active user online, e.g. via smartphone by SMS or app or via an online banking session, then it would surely also be possible for this user to personally confirm the correctness of the key transfer and thus release the EBICS keys within a very short time.

Only the user!
The user may do this because the bank system has determined the identity of that user for release – for example, through the correctness of the requested TAN. The user then only compares the values of the INI letter and the display in the bank system and confirms their correctness. And maybe has to enter them again. In other words, exactly what the employee at the financial institution does. Of course, the bank system logs this release by the user in order to have proof later that the user has checked the process.

Digitalisation in action
Users of the EBICS protocol can use their new access within a few minutes. Time-consuming printouts and transfers to the respective financial institution will no longer be necessary. Days of waiting time are reduced to minutes. The financial institution saves itself lengthy and expensive manual in-house processes of key release. Transferred documents – the INI letter – no longer need to be archived. The digital logging of the new procedure is sufficient and no longer requires manual creation/digitalisation of the INI letter. Customer satisfaction and acceptance of the EBICS procedure are strengthened, financial institutions save costs for employees and manual post-processing. Digitalisation in action, an undeniable win-win situation!

Author: Michael Schunk