Electronic Banking Internet Communication Standard

The Electronic Banking Internet Communication Standard ( EBICS for short ) describes a new, in Germany multi-bank standard, for the transmission of payment transaction data over the Internet . After a transition period, EBICS is replacing the previous BCS-FTAM standard , for which there is no internet protocol.

History and future development

The EBIC standard was developed by the Central Credit Committee (ZKA; today Die Deutsche Kreditwirtschaft ) and included in the DFÜ agreement on January 1, 2006 . Since January 1st, 2008 there has been an obligation for banks to support EBICS. As of December 31, 2010, the banks' obligation to continue supporting BCS-FTAM ended .

In anticipation of a possible development towards a Europe-wide standard, the leading "E" of the acronym created the possibility of changing the name to " European Banking Internet Communication Standard". The French banks, represented by the Comité Français d'Organisation et de Normalization Bancaire (CFONB) have already concluded a cross-border cooperation agreement with the ZKA for the joint use of EBICS.

EBICS played a decisive role in the creation of the European Payments Area (SEPA) in 2014. The Deutsche Bundesbank has been supporting EBICS for submitting SEPA payment orders since January 28, 2008.

Technical details of the protocol

All data is embedded in an XML container and sent via HTTP with TLS encryption to guarantee secure transmission. The data is transmitted block by block and each block is secured with an electronic signature . In the event of transfer errors, a recovery function enables the transfer to be resumed from the last successfully transferred block. With a view to PKI -based models, the optional use of X.509 certificates for the exchange of the current RSA keys between customer and bank is supported.

Authorization concepts

In contrast to communication via F-TAM (via telephone / ISDN line), a wide variety of authorization options can be mapped in EBICS communication:

1. Electronic individual signature
2. Shared electronic signature
3. Distributed electronic signature

1.) This authorization concept provides that recording users are not made known to the receiving EBICS system. In the case of a payment transaction application in which files can be recorded, the variant is usually represented, for example, that only a technical participant initiates the transfer with a so-called e-signature (individual signature) and provides it with his electronic signature. The receiving system checks the receipt authorization and executes the payment.

2.) This authorization concept provides that the recording users are made known to the receiving EBICS system. The variants A-signature, B-signature and T-signature (transport signature) are normally used. For example, someone who does not have the right to sign outside the office is provided with a transport signature in the receiving system. The authorized signatories and persons of the company who are similarly authorized to sign appear with their respective A or B signature. The file sent to the receiving system then contains the A and B signatures in addition to the payment transaction file.

3.) This authorization concept is based on point 2. The difference, however, is that the signatures are not sent in a transport order, but that the file is only sent with a T-signature and is only signed afterwards with another transport order . The advantage may be that some companies use payment providers to create the data, but prefer to keep the verification of the data in their hands.

Variants of the EBICS system

A distinction is made between two variants within the EBICS system:

1. The customer-bank system used by many. In this case, the required software can be installed on any Internet-enabled PC. The customer can send payments or other files to his bank and protocols and delivering files such as electronic bank statements ( MT940 / STA), etc. Download .
2. The bank-bank system is a new variant. This is used by banks in addition to SWIFT communication to send each other payments and other files required for payment transactions. In this case, the software is installed on an internet-enabled server. In this case, the files are sent to the partner system from both sides. Only the EBICS logs are downloaded.

Web links

• Official Website (German)
• EBICS specifications
• International variant (English)
• EBICS Compendium (DE) (PDF; 600 kB)
• EBICS Compendium (EN) (PDF; 600 kB)
• Free EBICS client (French protocol v2.4)
• Epics - Open Source / LGPL EBICS Client (Protocol v2.5)
• Recommendations for the implementation of the EBICS standard for the Swiss financial center

swell

1. ↑ Central Credit Committee : New Franco-German cooperation in payment transactions - another step on the way to the Single Payment Area (SEPA) ( Memento from September 7, 2013 in the Internet Archive ) . As of November 14, 2008.