Skip to content

Banking Preconditions

This article summarizes conditions for working with JustOn Cash Management and banks via EBICS. It outlines specifics for you to understand and acknowledge beforehand, and specifies a number of conditions for using the software.

For information in German, see Bankfachliche Rahmenbedingungen.

About Banking Data Exchange

JustOn Cash Management directly integrates Salesforce CRM with European banks. Using the secure, EBICS-compliant connection, businesses can directly retrieve and upload relevant payment information.

What is EBICS?

The Electronic Banking Internet Communication Standard (EBICS) is a transmission protocol for sending payment information between clients and banks as well as between banks over the Internet. It uses established standards for securely transmitting encrypted data. For details, see EBICS.

All German banks that are associated with the German Banking Industry Committee (Die Deutsche Kreditwirtschaft/DK) support EBICS and therefore allow exchanging payment information using JustOn Cash Management.

Prior to using the banking connection of JustOn Cash Management, your business must enter into a (usually chargeable) contract on the intended data access with your bank. From a technical perspective, you subscribe to an EBICS-compliant service for exchanging payment information. Hence you may be referred to as the subscriber, with your bank as the other contract party.

JustOn Cash Management supports EBICS 2.5 and EBICS 3.0 (Rev. 3.0.2). EBICS 2.5 is used with German banks only. EBICS 3.0 has introduced standardized Business Transaction Formats (BTF), which allow for working with German and other European banks – including French, Swiss and Austrian banks.

Access Permissions

Generally, EBICS allows for different permission concepts. JustOn Cash Management, specifically, uses the electronic distributed signature (EDS). This approach involves two access types for users: technical users prepare and transfer the data, and authorized users confirm and release orders.

JustOn Cash Management exclusively acts as a technical user with the signature class T (= transport). So it can retrieve bank statements and prepare and upload payment orders only, according to the access rights (order types, amount limit, etc.) that you have requested for it at your bank. Should the requested rights for the technical user exceed the necessary permissions for the data transfer, JustOn Cash Management will in no case exercise them and limit itself to operations under the signature class T.

Info

According to the German Federal Financial Supervisory Authority (BaFin), the bank access via EBICS does not constitute an online banking access and therefore does not require specific authorizations under the provisions for payment initiation services.

EBICS Initialization

Generally, EBICS initialization means exchanging public keys: You send your public subscriber keys to your bank, and your bank sends their public bank keys to you. Using the keys, you and your bank can then verify that any sent information – signed using the keys – is genuine.

The initialization procedure includes the following artifacts and procedure steps:

(1) EBICS access information
pay_app_init_bank1
After your organization has requested EBICS access, your bank sends a user letter to you. It includes the user data and other relevant access information for you to create the bank access.
(2) Electronic public subscriber keys
pay_app_init_bank2
As part of the bank access configuration, JustOn Cash Management creates your public subscriber keys and transfers them electronically to your bank.
(3) Printed public subscriber keys
pay_app_init_bank3
After adding the bank access, you are prompted to download the initialization letter, which includes your printed public subscriber keys. You send this document to your bank via postal mail or email.
(4) Public subscriber keys validation
pay_app_init_bank4
Your bank compares the public subscriber keys received electronically with the ones sent with the initialization letter.
(5) Printed public bank keys
pay_app_init_bank5
After your bank has verified the generated public subscriber keys for your bank access, it returns the confirmation letter via postal mail or email. This document includes the printed public bank keys.
Be aware that banks may also add the printed public bank keys to the user letter that includes the access information.
(6) Electronic public bank keys
pay_app_init_bank6
Once you have received the confirmation letter, you proceed to validate the public bank keys: This makes JustOn Cash Management fetch the public bank keys electronically.
(7) Public bank keys validation
pay_app_init_bank7
Now you compare the public bank keys received electronically with the ones sent with the confirmation letter.
Once you confirm the keys' validity, JustOn Cash Management completes the bank access setup. This makes the involved bank accounts ready for the EBICS-based data exchange with your bank.
pay_app_init_bank8

Note

EBICS keys are valid for one year.

If the keys are used (for uploading payment orders or retrieving bank statements) within the last 30 days of their validity, JustOn Cash Management automatically renews these keys, making them available for another year. If the expiry date has passed without renewing the keys, JustOn Cash Management disables the bank access, and users must repeat the EBICS initialization.

Order Processing

pay_app_ebics_process

In a rough outline, payment orders are processed as follows:

(1) JustOn Cash Management prepares the SEPA payment orders and encrypts the data packages.

(2) Under the EBICS signature class T, it then uploads the data to the bank, where the orders are queued.

If you have set up an amount limit for the technical user, preparing and uploading payment orders will be subject to this limit.

(3) An authorized user (EBICS signature class E or A/B) monitors the queue and releases the orders.

These operations are not controlled using JustOn Cash Management. The authorized representatives must use an appropriate third-party banking software or mobile application.

EBICS RSA Key Pairs

For the secure data transmission, EBICS uses three RSA key pairs:

  • Bank-technical key pair for signing requests
  • Identification and authentication key pair for identifying and authenticating the subscriber
  • Encryption key pair for encrypting/decrypting the transferred data

The RSA key pairs of the technical user are securely stored in a cloud-based hardware security module (HSM) – without any USB drive, smartcard or other physical device involved. JustOn Cash Management accesses the keys when preparing orders and interacting with the bank server.

Note

EBICS keys are valid for one year.

If the keys are used (for uploading payment orders or retrieving bank statements) within the last 30 days of their validity, JustOn Cash Management automatically renews these keys, making them available for another year. If the expiry date has passed without renewing the keys, JustOn Cash Management disables the bank access, and users must repeat the EBICS initialization.

Configuration Details

Info

Before setting up and using JustOn Cash Management, contact your bank in order to determine the EBICS-relevant information. Use our onboarding form for your convenience.

Bank Access Requirements

Prior to using JustOn Cash Management, your business must enter into a (usually chargeable) contract on the intended data access with your bank. The contract must specify, among others, the users who work with the software and the relevant bank accounts.

Depending on your business requirements, make sure to request at least

  • One technical user access exclusively for JustOn Cash Management, including the following order types

    Order Type EBICS 2.5 EBICS 3.0 Notes
    Download CAMT.053 bank statement files C53 EOP/DE/camt.053 DK format only
    SEPA Direct Debit Upload (Core) CDD SDD/COR/pain.008
    SEPA Direct Debit Upload (B2B) CDB SDD/B2B/pain.008

    Note

    The legacy MT940 protocol for bank statements will be discontinued by November 2025 and is therefore not supported.

  • One or more authorized user accesses – depending on whether you involve one (E signature) or multiple authorizing users (A and B signatures)

    Info

    If you already have an authorization workflow in place, you can reuse the existing authorized users to release orders produced by JustOn Cash Management.

Bank Details for JustOn Cash Management

If your bank is not available in JustOn Cash Management, file a ticket in the JustOn Support Portal, providing the following information:

  • Bank name
  • BIC
  • URL of your bank's EBICS endpoint
  • Host ID

Info

This information is usually given by the bank on EBICS onboarding. In case of doubt, contact your bank to provide the relevant details.

Batch Bookings

Your business may allow customers to use batch bookings (or consolidated payments) to pay for multiple invoices at once.

If you do so, you must explicitily request your bank to break down all batch bookings into indiviual transactions. This enables JustOn Cash Management to process bank statements and bank statement items correctly.

Info

The batch booking breakdown only affects the electronic transmission of transaction information.

SEPA Direct Debit

The European Payments Council (EPC) has established the single euro payments area (SEPA) to standardize cashless euro payments across Europe. It defines, among others, SEPA Direct Debit schemes (SDD): one primarily designed for B2C businesses (SDD Core), and one exclusively for B2B businesses (SDD B2B). The two schemes set common rules for transferring money from a debtor to a creditor, but vary in details (see SEPA Direct Debit).

SEPA Direct Debit is centered around a mandate, which allows the creditor to prove their request for collecting money. The collection is initiated by the creditor, submitting the order to their bank. The order includes information like mandate ID, amount, collection date and debtor IBAN. The bank then executes the order, withdrawing the money from the debtor's account and putting it to the creditor's account.

The common rules include:

  • The mandate is signed by the debtor before the first transaction (typically 14 days before the first collection).
  • The mandate allows one-off or recurrent collections and can be revoked by the debtor at any time.
  • The due date of a collection must not be more than 14 days in the future.

Depending on the scheme (Core or B2B), various timeframes and rules apply for the debtor to object to the money transfer and to order a reverse transaction.

The SEPA Direct Debit Core scheme is mandatory for transactions with consumers (B2C) and optional for transactions with businesses (B2B). Under SDD Core, a debtor can request a refund ("no-questions-asked") within eight weeks of the collection date. In case of an unauthorized transaction – which must be proven –, a debtor can ask for a refund within 13 months of the collection date.

The SEPA Direct Debit B2B scheme is exclusively for businesses. Under SDD B2B, the debtor is not entitled to obtain a refund for an authorized transaction. The debtor's bank, however, may still return a transaction under certain circumstances within three days. To ensure that a transaction is authorized under SDD B2B, the debtor's bank must check whether there is a valid mandate before executing the collection.

Info

This overview on SEPA Direct Debit does not constitute any legally effective advice. JustOn cannot and must not provide such services. For any detailed questions and current information on implementing SEPA Direct Debit, contact your bank.