Why downloading a signature certificate when activating my EBICS contract ?
When it comes to executing large scale payments, security is the first priority. We implemented our EBICS Payment module by following best-in-class security recommendations from the Bundesamtes für Sicherheit in der Informationstechnik (BSI).
How does it work in Agicap?
When an EBICS user is initialised, three certificates are generated. Two of them are stored on Agicap servers, and the third one (called signature certificate) is downloaded on your computer.
In order for a payment to be executed successfully, the bank needs the 3 certificates, enclosed with the payment instruction. The fact that the 3 certificates are not stored in the same place is a crucial security measure: it will not be possible to access all the certificates by gaining access to your computer, or Agicap servers.
On top of certificate separation between you and us, the access to signature in Agicap is also restricted to certain users :
You need to have logged into Agicap
You need to be a designated signer on the EBICS contract
How to keep my signature certificates safe ?
It is important to keep your certificates in a safe but accessible place. Here are a few best practices:
Share the certificates only with the persons that are allowed to sign payments.
You can share the certificates like any other file, but make sure not to share it with anyone.If you are the only person allowed to sign payments, keep your certificate in two different places
So that if you lose the certificate, you can still find it ! For example : keep it on a USB drive for everyday, and on you Cloud Storage as a backup.
What if I lose my signature certificates ?
The signature certificate is not stored on Agicap servers so if you lose it, we won't be able to give it back to you !
If you lose your signature certificate, and if it is not held by anyone else, then you should :
Duplicate your EBICS contract in Agicap
Ask your bank to revoke your E-user certificates
Initialise the E user on the duplicated contract and store the signature certificate in a safe place.
Sign the INI letters and activate the contract
When the duplicated contract is working, delete the previous contract