Since the
introduction of cryptographic keys in online banking, both for private and
corporate customers, the process of exchanging the public keys of bank and user
has always been a lengthy and complicated process. Admittedly, for the users it
is particularly burdensome – and for the rest of humanity it is a riddle
wrapped up in an enigma:
The INI letter procedure that has become established for key exchanges. In use for over 15 years, it is a reoccurring hindrance to the use of EBICS. Generating keys, sending them, then printing the INI letter on paper, signing it and handing it over to the financial institution is complicated and tedious for many. Processing at the financial institution itself, where an employee receives the INI letter, then calls up the corresponding customer contact in the EBICS system and compares the values of the electronic transfer with the values on the INI letter or even has to type them out digit by digit, is also time-consuming. Of course, the signature provided on the account sheet or contract must also be verified. It doesn't sound at all like the digitalisation that is supposed to accompany our business processes today.
Simplifying
the release of EBICS keys
Everything would be much easier if financial institutions were to detach the
above process from their own employees, digitalise it completely and thus
delegate it to the users themselves. The first step to be implemented is the
unambiguous recognition of the respective user by exchanging a mutually agreed
secret (e.g. TAN) or – if already available – an activated online session that
ensures that the user is actually the right person. As a rule, this already
applies to every registered online banking session. If we assume that after a
successful key submission, the bank system can reach the active user online,
e.g. via smartphone by SMS or app or via an online banking session, then it
would surely also be possible for this user to personally confirm the
correctness of the key transfer and thus release the EBICS keys within a very
short time.
Only the
user!
The user may do this because the bank system has determined the identity of
that user for release – for example, through the correctness of the requested
TAN. The user then only compares the values of the INI letter and the display
in the bank system and confirms their correctness. And maybe has to enter them
again. In other words, exactly what the employee at the financial institution
does. Of course, the bank system logs this release by the user in order to have
proof later that the user has checked the process.
Digitalisation
in action
Users of the EBICS protocol can use their new
access within a few minutes. Time-consuming printouts and transfers to the
respective financial institution will no longer be necessary. Days of waiting
time are reduced to minutes. The financial institution saves itself lengthy and
expensive manual in-house processes of key release. Transferred documents – the
INI letter – no longer need to be archived. The digital logging of the new
procedure is sufficient and no longer requires manual creation/digitalisation
of the INI letter. Customer satisfaction and acceptance of the EBICS procedure
are strengthened, financial institutions save costs for employees and manual
post-processing. Digitalisation in action, an undeniable win-win situation!
Author: Michael Schunk
0 comments:
Post a Comment