The EBICS problem: No new data without a client request
Although the EBICS technology, which was developed for payment transactions in enterprises, is enormously performing, it has suffered from a built-in shortcoming since its introduction in 2006: all actions are initiated exclusively by the customer. It is simply not possible to actively inform customers about new data available at the bank.
Although this design principle is practical in many respects, it is no longer up to date in times of end-to-end payments within seconds. After all, customers would have to send requests to the bank servers regularly at short intervals (polling) in order to obtain any new payment information.
However, permanent polling is ineffective in most cases and can also quickly lead to load problems on the bank's systems.
The solution: Push messages for the customers
One requirement for the solution was not to fundamentally change the established standard or to unnecessarily complicate it through complex changes.
That is why The German Banking Industry Committee has opted for a modern Internet technology that exists parallel to EBICS: WebSockets.
With WebSockets as an established and secure standard, permanent communication between bank and customer is possible. Information on payment orders can thus be easily sent directly to customers via push messages.
Upon receipt of a corresponding real-time message via push procedure, customers can immediately retrieve and process the available payment information via EBICS.
Real-time information via WebSocket
The relatively short Specification for ‘Real-Time Notifications’ from July 2019 contains the technical details for the connection with EBICS payment systems.
The wss protocol is used in accordance with RFC 6455 using TLS encryption.
WebSocket connections are established from the customer system to the bank's communications server and are then permanently available for message exchange. In particular, real-time messages from the customer to the bank are technically possible, whereby initially only the direction bank-to-customer is provided.
The number of connections between a customer and the bank is basically unlimited. After all, several customer systems could be used at the same time in the company. Messages to a customer are therefore always sent over all active connections.
If a connection is not available at the time the message to the customer is scheduled to be sent, the bank may also post such messages subsequently as soon as a connection has been established by the customer.
EBICS and WebSockets
The comfortable use and integration of the WebSocket interface into existing client products is ensured by the definition of new order types, amongst others. Both for EBICS 3.0 in the form of a corresponding BTF (Business Transaction Format) and for previous EBICS versions in the form of the order type
WSS, customer systems can automatically retrieve and evaluate the parameters required for establishing a connection from the bank.
All payload data for setting up a WebSocket session are delivered to the client in JSON format. In addition to the URL for establishing the connection, this also contains the parameters for authentication, the credentials.
With the Specification for ‘Real-Time Notifications’, The German Banking Industry Committee is consistently pursuing its strategy of using the established EBICS protocol for Instant Payment transactions.
In addition to the security of EBICS, real-time messages now also cover the requirements of modern payment systems for speed.
Due to the simplicity of the solution, both on the client and the server side, customer systems will be fit for real-time payment transactions in the foreseeable future.