FinTS
FinTS, formerly known as HBCI, is a bank-independent protocol for online banking, developed and used by German banks.
HBCI was originally designed by Germany's three banking "pillar" networks, namely the Sparkassen-Finanzgruppe, German Cooperative Financial Group, and Association of German Banks. The result of this effort was an open protocol specification, which is publicly available. The standardisation effort was necessary to replace the huge number of deprecated homemade software clients and servers.
While IFX, OFX and SET are tailored for the North American market, HBCI is designed to meet the requirements of the European market.
The FinTS specification is publicly available on a website run by the ZKA.
Features
- Support for online banking using PIN/TAN one-time passwords.
- Support for online banking with SWIFT.
- DES and RSA encryption and signatures.
- Use of XML and SOAP for data exchange, encryption and signatures.
- Implemented on top of HTTP, HTTPS and SMTP as the communication layer.
- Multibanking: The software clients are designed to support accounts at multiple banks.
- Platform Independence: The specification allows software development for various types of clients.
- Storage of the encryption keys on an external physical device for improved security.
- Possibility to use so-called "Secoder" smart card readers, which let the user cross-check the transaction data on a secure device before signing it, in order to uncover manipulation caused by malware. To use Secoder, both the bank and the home banking software have to support the Secoder protocol extension of FinTS.