Instant customer notifications with “Push-EBICS”
Everyone is talking about PSD2 and the provision of APIs by banks. These APIs undeniably offer many advantages and can be used to significantly simplify business processes.
more information on ennoxx.bankingHowever, this overlooks the fact that these APIs always have to be actively brought up by the customer. This is perfect for the transmission of data. Only when receiving data must the company actively ask the bank whether data is available (“pull method”). As the customer does not even know if data is available in some cases, e.g. with a credit notification from the receipt of an instant payment, it makes sense to proactively inform corporate customers in particular when such an event occurs and to be able to have the bank actively initiate the transfer of this data.
However, as soon as user data needs to be transmitted to corporate customers, regardless of the type of API (on the corporate customer’s side), the question of security measures such as transport encryption, user data encryption and sender authentication arises.
So what could be more obvious than to use the EBICS protocol for this type of communication, too. The EBICS protocol is also an API in the broader sense, even if it is not as “lightweight” as a RESTful API, because security and key management play a significant role.
In an established, initialised EBICS connection between the company and bank, all the necessary keys are already available, exchanged and verified. The roles are simply swapped to allow for communication between the bank and the company. The only thing that changes is the initiating party: Where previously the corporate customer had to request data, in the future this can be actively provided by the bank.
Push-EBICS is activated by simply sending off a signed EBICS order in which the company informs the bank at which URL it can be reached for receiving EBICS messages and which order types should be actively delivered by the bank. It is of course also possible to deactivate individual types of orders or all types of orders.
“Push-EBICS makes instant payments truly instant and enables 24/7 cash management”
Summary
- Corporate customers are actively informed when an event occurs on the bank’s side
- Expansion of the EBICS protocol to make corporate customers accessible and to actively transmit information to them (“push instead of pull”)
- Active availability allows corporate customers to react to the bank’s messages (“triggers”) and therefore streamline and automate banking processes
- The accepted, established, trusted and secure EBICS protocol is also used for the “feedback channel” from the bank to the company
- Minimal changes required on the bank and customer sides
- By using the already established, initialised connection and the existing keys, no further initialisation is required of the bank and there is no need to expand the key management system and the associated processes
- Faster processing, as both information regarding the existence of the data and the user data itself is transmitted directly (“1 step to process”)
- In addition to the information regarding receipt of instant payment, this process can also be used for any other type of receipt order such as interim transactions, account information, PSRs, etc.