HBCI and PSD2

Tue Sep 10 20:06:49 BST 2019

Hi,

On Dienstag, 10. September 2019 16:08:57 CEST Ralf wrote:

> Hello,
> 
> I am using kmymoney with AqBanking to keep my bank accounts in sync with
> kmymoney. Unfortunately I have been informed that all banking software
> accessing the accounts with HBCI has to be certified or at least accredited
> by BaFin (here in Germany).
> 
> The message can be read at
> https://kunden.commerzbank.de/portal/de/privatkunden/konten-karten/wissen/zahlungsverkehr-organisieren/hbci_psd2.html
> 
> Excerpt from the web page (translated by DeepL):
> -----------------------
> "The most important changes for financial software users connected to
> Commerzbank with FinTS/HBCI from 14 September 2019:
> 
>     In future, all third-party services must be approved by the German
> Federal Financial Supervisory Authority (BaFin) - for your security. This
> also includes the financial software that you use for your banking
> transactions via HBCI/FinTS. Manufacturers of financial software products
> are therefore required to register their products with the German banking
> industry ("DK"). The assigned registration number is checked in dialogue
> with the respective bank computer. This ensures that only up-to-date and
> secure financial software products are used.
> 
>     For you as a HBCI user, this means that you must update your financial
> software by the end of 2019 in order to be able to participate in the
> customer-bank dialogue at the HBCI/FinTS interface at the highest security
> level."
> -----------------------
> 
> Does that mean that HBCI will not work any more after end of this year?

No, because KMyMoney 5.0.6 already carries said registration (see https://kmymoney.org/release-notes.php and https://bugs.kde.org/show_bug.cgi?id=410865) and sends it to the banks. More complex in this respect is the fact, that some banks require you to provide a secure authentication (aka TAN) even for transaction download every 90 days. This requires an updated version of AqBanking and an adapted version of KMyMoney which currently does not exist and is currently a problem for some users (not only KMyMoney) as some banks already switched to this procedure.

Oh, and for the records: "The assigned registration number is checked in dialogue with the respective bank computer. This ensures that only up-to-date and secure financial software products are used." Yes, it is checked, but it ensures nothing. That's fake news.

Hope that gives you enough confidence that things will remain working.

Regards

Thomas

-- 

Regards

Thomas Baumgart

https://www.signal.org/       Signal, the better WhatsApp
-------------------------------------------------------------
Knowledge is of two kinds. We know a subject ourselves, or we know where
we can find information upon it. — Samuel Johnson (Boswell's Life of Johnson)
-------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 868 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kmymoney/attachments/20190910/bf4a73a0/attachment.sig>