action.skip

Banking Preconditions

This article summarizes conditions for working with JustOn Cash Management and banks via EBICS. It outlines specifics for you to understand and acknowledge beforehand, and specifies a number of conditions for using the software.

For an onboarding checklist, see How-To: Integrating With Banks.

For information in German, see Bankfachliche Rahmenbedingungen.

About Banking Data Exchange

JustOn Cash Management directly integrates Salesforce CRM with European banks. Using the secure, EBICS-compliant connection, businesses can directly retrieve and upload relevant payment information.

What is EBICS?

The Electronic Banking Internet Communication Standard (EBICS) is a transmission protocol for sending payment information between clients and banks as well as between banks over the Internet. It uses established standards for securely transmitting encrypted data. For details, see EBICS.

All German banks that are associated with the German Banking Industry Committee (Die Deutsche Kreditwirtschaft/DK) support EBICS and therefore allow exchanging payment information using JustOn Cash Management.

Prior to using the banking connection of JustOn Cash Management, your business must enter into a (usually chargeable) contract on the intended data access with your bank (see Bank Access Requirements). From a technical perspective, you subscribe to an EBICS-compliant service for exchanging payment information. Hence you may be referred to as the subscriber, with your bank as the other contract party.

JustOn Cash Management supports EBICS 3.0 (Rev. 3.0.2). EBICS 3.0 has introduced standardized Business Transaction Formats (BTF), which allow for working with German and other European banks – including French, Swiss and Austrian banks.

JustOn Cash Management supports CAMT.053 messages (see Bank Access Requirements). That is, it can retrieve banking data for completed bookings up to the day before the current date. Fetching interim transactions during the same day (CAMT.052 messages) is currently not possible.

Configuration Details

Before setting up and using JustOn Cash Management, contact your bank in order to determine the EBICS-relevant information. Use our onboarding form for your convenience.

Bank Access Requirements

Prior to using the banking connection of JustOn Cash Management, your business must enter into a (usually chargeable) contract on the intended data access with your bank. The contract must specify, among others, the users who work with the software and the relevant bank accounts.

Depending on your business requirements, make sure to request

  • At least one technical user access (T signature) exclusively for JustOn Cash Management, including the following order types

    Order Type Required EBICS 3.0 Notes
    Download CAMT.053 bank statement files EOP/DE/camt.053 DK format only
    Download PDF bank statement files EOP/DE/pdf
    Download account-related PDF files DAR/DE/pdf
    SEPA Direct Debit Upload (Core) SDD/COR/pain.008
    SEPA Direct Debit Upload (B2B) SDD/B2B/pain.008

    Note

    The legacy MT940 protocol for bank statements will be discontinued by November 2025 and is therefore not supported. Your bank must enable the CAMT.053 format.

    JustOn Cash Management relies on the technical user access (T signature) for both retrieving bank statement data and uploading produced SEPA orders. The user's partner ID and user ID are part of the bank access configuration.

  • One or more authorized user accesses – depending on whether you involve one (E signature) or multiple (A and B signatures) authorizing users

    Info

    The authorized user accesses are not required for working with JustOn Cash Management. Your organization employs authorized users to release SEPA orders (as produced by JustOn Cash Management) using an appropriate third-party banking software or mobile application.

    If you already have an authorization workflow in place, you can reuse the existing authorized users to release the orders produced by JustOn Cash Management.

Bank Details for JustOn Cash Management

If your bank is not available in JustOn Cash Management, file a ticket in the JustOn Support Portal, providing the following information:

Info

This information is usually given by the bank on EBICS onboarding. In case of doubt, contact your bank to provide the relevant details.

Bulk Bookings

Your bank may use bulk bookings (or consolidated bookings) at their discretion by default.

If they do so, you must explicitly request your bank to break down all bulk bookings into individual transactions. This enables JustOn Cash Management to process bank statements and bank statement items correctly.

The bulk booking breakdown only affects the electronic transmission of transaction information, not the money transfer itself.

Info

Be aware that bulk booking mentioned here and the SEPA batch booking mechanism are different concepts. Banks may execute bulk bookings at their discretion, whereas you can control whether to use SEPA batch bookings or not.

Access Permissions

Generally, EBICS allows for different permission concepts. JustOn Cash Management, specifically, uses the electronic distributed signature (EDS). This approach involves two access types for users: technical users prepare and transfer the data, and authorized users confirm and release orders.

JustOn Cash Management exclusively acts as a technical user with the signature class T (= transport). So it can retrieve bank statements and prepare and upload payment orders only, according to the access rights (order types, amount limit, etc.) that you have requested for it at your bank. Should the requested rights for the technical user exceed the necessary permissions for the data transfer, JustOn Cash Management will in no case exercise them and limit itself to operations under the signature class T.

Info

According to the German Federal Financial Supervisory Authority (BaFin), the bank access via EBICS does not constitute an online banking access and therefore does not require specific authorizations under the provisions for payment initiation services.

EBICS Initialization

Generally, EBICS initialization means exchanging public keys: You send your public subscriber keys to your bank, and your bank sends their public bank keys to you. Using the keys, you and your bank can then verify that any sent information – signed using the keys – is genuine.

The initialization procedure includes the following artifacts and procedure steps:

(1) EBICS access information and printed public bank keys

pay_app_init_bank1

After your organization has requested EBICS access, your bank sends a user letter to you. It includes the user data and other relevant access information for you to create the bank access.

The printed public bank keys are often published on the bank's website or are part of the user letter.

Some banks return a confirmation letter that includes the printed public bank keys only after they have verified your public subscriber keys (step 4).

(2) Electronic public subscriber keys

pay_app_init_bank2

As part of the bank access configuration, JustOn Cash Management creates your subscriber keys and transfers the public subscriber key electronically to your bank.

(3) Printed public subscriber keys

pay_app_init_bank3

After adding the bank access, you are prompted to download the initialization letter, which includes your printed public subscriber keys. You send this document to your bank via postal mail or email.

(4) Public subscriber keys validation

pay_app_init_bank4

Your bank compares the public subscriber keys received electronically with the ones sent with the initialization letter.

(5) Electronic public bank keys

pay_app_init_bank6

Now you proceed to validate the public bank keys: This makes JustOn Cash Management fetch the public bank keys electronically.

(6) Public bank keys validation

pay_app_init_bank7

Then you compare the public bank keys received electronically with the printed public bank keys.

Once you confirm the keys' validity, JustOn Cash Management completes the bank access setup. This makes the involved bank accounts ready for the EBICS-based data exchange with your bank.

pay_app_init_bank8

Note

The EBICS subscriber keys produced by JustOn Cash Management are valid for one year.

If the subscriber keys are used (for uploading payment orders or retrieving bank statements) within the last 30 days of their validity, JustOn Cash Management automatically renews these keys, making them available for another year. If the expiry date has passed without renewing the keys, JustOn Cash Management disables the bank access, and users must repeat the EBICS initialization.

Order Processing

pay_app_ebics_process

In a rough outline, payment orders are processed as follows:

(1) JustOn Cash Management prepares the SEPA payment orders and encrypts the data packages.

(2) Under the EBICS signature class T (see Bank Access Requirements), JustOn Cash Management then uploads the data to the bank, where the orders are queued.

If you have set up an amount limit for the technical user, preparing and uploading payment orders will be subject to this limit.

(3) An authorized user (EBICS signature class E or A/B, see Bank Access Requirements) monitors the queue and releases the orders.

These operations are not controlled using JustOn Cash Management. The authorized representatives must use an appropriate third-party banking software or mobile application.

EBICS RSA Key Pairs

For the secure data transmission, EBICS uses three RSA key pairs:

  • Bank-technical key pair for signing requests
  • Identification and authentication key pair for identifying and authenticating the subscriber
  • Encryption key pair for encrypting/decrypting the transferred data

The RSA key pairs of the technical user are securely stored in a cloud-based hardware security module (HSM) – without any USB drive, smartcard or other physical device involved. JustOn Cash Management accesses the keys when preparing orders and interacting with the bank server.

Note

The EBICS subscriber keys produced by JustOn Cash Management are valid for one year.

If the subscriber keys are used (for uploading payment orders or retrieving bank statements) within the last 30 days of their validity, JustOn Cash Management automatically renews these keys, making them available for another year. If the expiry date has passed without renewing the keys, JustOn Cash Management disables the bank access, and users must repeat the EBICS initialization.

SEPA Direct Debit

The European Payments Council (EPC) has established the single euro payments area (SEPA) to standardize cashless euro payments across Europe. It defines, among others, SEPA Direct Debit schemes (SDD): one primarily designed for B2C businesses (SDD Core), and one exclusively for B2B businesses (SDD B2B). The two schemes set common rules for transferring money from a debtor to a creditor, but vary in details (see SEPA Direct Debit).

SEPA Direct Debit is centered around a mandate, which allows the creditor to prove their request for collecting money. The collection is initiated by the creditor, submitting the order to their bank. The order includes information like mandate ID, amount, collection date and debtor IBAN. The bank then executes the order, withdrawing the money from the debtor's account and putting it to the creditor's account.

The common rules include:

  • The mandate is signed by the debtor before the first transaction (typically 14 days before the first collection).
  • The mandate allows one-off or recurrent collections and can be revoked by the debtor at any time.
  • The due date of a collection must not be more than 14 days in the future.

Depending on the scheme (Core or B2B), various timeframes and rules apply for the debtor to object to the money transfer and to order a reverse transaction.

The SEPA Direct Debit Core scheme is mandatory for transactions with consumers (B2C) and optional for transactions with businesses (B2B). Under SDD Core, a debtor can request a refund ("no-questions-asked") within eight weeks of the collection date. In case of an unauthorized transaction – which must be proven –, a debtor can ask for a refund within 13 months of the collection date.

The SEPA Direct Debit B2B scheme is exclusively for businesses. Under SDD B2B, the debtor is not entitled to obtain a refund for an authorized transaction. The debtor's bank, however, may still return a transaction under certain circumstances within three days. To ensure that a transaction is authorized under SDD B2B, the debtor's bank must check whether there is a valid mandate before executing the collection.

Unless specifically agreed with the bank, JustOn Cash Management uses the basic character set defined by the European Payment Council when creating SEPA payment orders. For details, see SEPA Requirements for an Extended Character Set (UNICODE Subset) - Best Practices.

Info

This overview on SEPA Direct Debit does not constitute any legally effective advice. JustOn cannot and must not provide such services. For any detailed questions and current information on implementing SEPA Direct Debit, contact your bank.