Initialising an EBICS bank access

 
Explanation

The application supports EBICS bank access with the protocol versions 2.x and 3.0.

The instructions for creating a bank account describe the following constellations:

Creating a bank access with protocol version EBICS 2.x

Creating a bank access with protocol version EBICS 3.0

Creating a bank access with the protocol versions EBICS 2.x and 3.0

During the initialisation you authenticate yourself to the bank server of the financial institution, download bank keys or certificates and activate them.

The following instruction describes the initialisation of the bank access in an exemplary way by means of the security medium smartcard. The procedure is mostly similar with the security media key file, certificate file, security token or signature app. The difference is only in the labels on the masks and on buttons. For example, for the security media certificate file and security token, the label says Send certificate instead of Send keys.
Procedure for creating an EBICS 2.x bank access

1.

On the start page, in the area Your bank access "<name of bank access>" has not been initialised yet, click on Initialise now.

2.

Click on Start wizard.



3.

In the field Name, enter the name of the bank access.

4.

Click on Next step.

The mask for sending the keys opens.

5.

Read the information on the mask.

To send the public keys to the financial institution, click on Send keys.

6.

a)

Insert the smartcard into the card reader and click on Submit.

b)

Enter the PIN of your smartcard.

The keys are transferred to the financial institution.

7.

If this is successful, the INI letter is made available for downloading.

8.

Select the radio button Save file and save the INI letter on your computer.

9.

Print out the INI letter, sign it and send it to your financial institution.

10.

Click on Resume later.

11.

Confirm the warning message with Suspend.

The bank must activate your access. Depending on how your financial institution works, the release of the public keys may be automated or take some time (up to several days). If your financial institution releases the keys automatically, continue with the optional step for setting up push notifications (see section Configuring push notifications).

Once the bank has activated your access and has not automatically released the keys, you will be informed of this on the start page of the application.

If you download the bank keys before they are activated by the bank, an error message is displayed.

Log out from the application.

12.

Log in to the application.

When your bank access has been activated you will be informed of this on the start page after you log in.

13.

Click on Continue now.

Alternatively, proceed as follows:

1.

Select Settings ➔ User settings, tab Bank accesses.

2.

Select the bank access for editing.

3.

Click on Continue initialisation.

The mask with your keys opens. A green checkmark is displayed as a processing indicator next to the button Download bank keys.

14.

Activate the keys.

The operator of the application defines whether you activate the keys with or without a hash value check.

Activation with hash value check

Click on Activation with a hash value check.

Enter the hash values of the authentication key and encryption key from the public key of the financial institution for EBICS 2.x in the mask. The operator defines how many characters you have to enter for the respective key.



The application helps you with information texts.

Confirm your entry by clicking on Release bank keys.

Activation without a hash value check

Click on Activation without a hash value check.

15.

Click on Next step.

The key exchange is completed.

16.

To download the order types assigned to you (i.e. your protocol user) at the bank server, click on Download order types.

If the button is not selectable, you either do not have the right Protocol user bank accesses: assign order types/BTFs from bank server or the financial institution sends the order types automatically.

In that case, skip the step.


17.

Click on Next step.

Your bank access has been initialised successfully. You can use this bank access to execute business transactions that are assigned to you at the bank server, for example signing payment orders and transferring them to the financial institution.

In the menu, select Start page.

If your bank access is assigned the EBICS profile EBICS-FR with the CFONB profile Submitting party profile (T), you cannot provide EBICS signatures, i.e. you cannot sign bank-technical orders.

To subsequently change your bank access, e.g. assign ordering party accounts (not included in the standard scope of the application, see section Assigning ordering party accounts to a bank access), select Settings ➔ User settings, tab Bank accesses.
Procedure for creating an EBICS 3.0 bank access

1.

On the start page, in the area Your bank access "<name of bank access>" has not been initialised yet, click on Initialise now.

2.

Click on Start wizard.



3.

In the field Name, enter the name of the bank access.

4.

Click on Next step.

The mask for sending the certificate opens.

5.

Read the information on the mask.

To exchange the public keys with the financial institution, click on Send certificate.

6.

Confirm the sending of the certificate with your security medium.

7.

If this is successful, the INI letter is made available for downloading.

Confirm the download with your security medium.

8.

Click on Open INI letter and save the INI letter on your computer.

9.

Print out the INI letter, sign it and send it to your financial institution.

10.

Click on Resume later.

11.

Confirm the warning message with Suspend.

The bank must activate your access. Depending on how your financial institution works, the release of the public keys may be automated or take some time (up to several days). If your financial institution releases the keys automatically, continue with the optional step for setting up push notifications (see section Configuring push notifications).

Once the bank has activated your access and has not automatically released the keys, you will be informed of this on the start page of the application.

If you download the bank keys before they are activated by the bank, an error message is displayed.

Log out from the application.

12.

Log in to the application.

When your bank access has been activated you will be informed of this on the start page after you log in.

13.

Click on Continue now.

Alternatively, proceed as follows:

1.

Select Settings ➔ User settings, tab Bank accesses.

2.

Select the bank access for editing.

3.

Click on Continue initialisation.

The mask with your certificate opens. A green checkmark is displayed as a processing indicator next to the button Download bank certificates.

14.

Release the certificates.

The operator of the application defines whether you activate the keys with or without a hash value check.

Activation with hash value check

Click on Activation with a hash value check.

Enter the hash values of the authentication key and encryption key from the certificates of the financial institution in the mask. The operator defines how many characters you have to enter for the respective key.



The application helps you with information texts.

Confirm your entry by clicking on Release bank keys.

Activation without a hash value check

Click on Activation without a hash value check.

15.

Click on Next step.

The certificate exchange is completed.

16.

To download the BTFs assigned to you (i.e. your protocol user) at the bank server, click on Download BTFs.

If the button is not selectable, you either do not have the right Protocol user bank accesses: assign order types/BTFs from bank server or the financial institution sends the BTFs automatically.

In that case, skip the step.


17.

Click on Next step.

Your bank access has been initialised successfully. You can use this bank access to execute business transactions that are assigned to you at the bank server, for example signing payment orders and transferring them to the financial institution.

If your bank access is assigned the EBICS profile EBICS-FR with the CFONB profile Submitting party profile (T), you cannot provide EBICS signatures, i.e. you cannot sign bank-technical orders.

To subsequently change your bank access, e.g. assign ordering party accounts (not included in the standard scope of the application, see section Assigning ordering party accounts to a bank access), select Settings ➔ User settings, tab Bank accesses.

Bank accesses with EBICS 3.0 no longer support the bank protocol (menu Order status ➔ Bank protocol).

You can find the information in the status overview (menu Order status ➔ Status overview).

If you have changed your bank access from EBICS 2.x to EBICS 3.0, it is possible that bank protocol entries for EBICS 2.x were still downloaded prior to the change. You can still view these entries in the bank protocol.

A note to this effect is displayed when you open the bank protocol.

If you do not see a note, check whether you have permanently deactivated the note. Proceed as follows:

1.

On the start page in the Messages and tasks mask area, click on .

2.

In the mask area Notes the notes you have deactivated are displayed.

If the mask area is missing, you have not deactivated any notes.

3.

Activate the note Download bank protocol.
Procedure to create a bank access that supports both EBICS 2.x and 3.0

1.

On the start page, in the area Your bank access "<name of bank access>" has not been initialised yet, click on Initialise now.

2.

Click on Start wizard.



3.

In the field Name, enter the name of the bank access.

4.

Click on Next step.

The mask for sending the certificate opens.

5.

Read the information on the mask.

To exchange the public keys with the financial institution, click on Send certificate.

6.

Confirm the sending of the certificate with your security medium.

7.

If successful, you will be offered the INI letter for download (unless you have activated an automatic bank key activation by your operator).

Confirm the download with your security medium.

8.

Click on Open INI letter and save the INI letter on your computer.

9.

Print out the INI letter, sign it and send it to your financial institution.

10.

Click on Resume later.

11.

Confirm the warning message with Suspend.

The bank must activate your access. Depending on how your financial institution works, the release of the public keys may be automated or take some time (up to several days). If your financial institution releases the keys automatically, continue with the optional step for setting up push notifications (see section Configuring push notifications).

Once the bank has activated your access and has not automatically released the keys, you will be informed of this on the start page of the application.

If you download the bank keys before they are activated by the bank, an error message is displayed.

Log out from the application.

12.

Log in to the application.

When your bank access has been activated you will be informed of this on the start page after you log in.

13.

Click on Continue now.

Alternatively, proceed as follows:

1.

Select Settings ➔ User settings, tab Bank accesses.

2.

Select the bank access for editing.

3.

Click on Continue initialisation.

The mask with your certificate opens.



14.

A green checkmark is displayed as a processing indicator next to the button Download bank keys.

In this case, your financial institution supports the EBICS protocol versions 2.x and 3.0. To be able to use the bank access to the full extent, activate both keys.

You can usually find the certificates in the BPD letter you received from your financial institution. If this function has been set up by your provider, the application offers you a link in this mask which you can use to view the certificates of the financial institution.

15.

Activate the keys.

The operator of the application defines whether you activate the keys with or without a hash value check.

In the above example, the keys were automatically activated.

Activation with hash value check

Click on Activation with a hash value check.

Bank access with protocol version EBICS 2.x: enter the hash values of the authentication key and encryption key of the financial institution in the mask.

Bank access with protocol version EBICS 3.0: enter the hash values of the certificates of the financial institution in the mask.

The operator defines how many characters you have to enter for the respective key.



The application helps you with information texts.

Confirm your entry by clicking on Release bank keys.

Activation without a hash value check

Click on Activation without a hash value check.

16.

Click on Next step.

The certificate and key exchange is completed.

17.

To download the BTFs assigned to you (i.e. your protocol user) at the bank server, click on Download order types/BTFs.

If the button is not selectable, you either do not have the right Protocol user bank accesses: assign order types/BTFs from bank server or the financial institution sends the BTFs automatically.

In that case, skip the step.


18.

Click on Next step.

Your bank access has been initialised successfully. You can use this bank access to execute business transactions that are assigned to you at the bank server, for example signing payment orders and transferring them to the financial institution.

If your bank access is assigned the EBICS profile EBICS-FR with the CFONB profile Submitting party profile (T), you cannot provide EBICS signatures, i.e. you cannot sign bank-technical orders.

To subsequently change your bank access, e.g. assign ordering party accounts (not included in the standard scope of the application, see section Assigning ordering party accounts to a bank access), select Settings ➔ User settings, tab Bank accesses.

Relevant topics: