With the implementation of EU Directive 2015/2366 (Payment Services Directive 2 - PSD 2) by the Austrian Payment Services Act - ZaDiG 2018, banks will be obliged to use two-factor authentication for their Internet banking and electronic banking products as of 14 September 2019 as well as to provide technical access to their customers' Internet banking payment accounts for Third Party Providers (TPP).
When applied to the Austrian MultiBank standard MBS, this means that a corresponding certificate must be transmitted every time a connection is established with a MBS bank computer for secure authentication (SCA - strong customer authentication). These certificates must be created, signed and transmitted to the bank computer once for each communication officer stored in the system data. The necessary steps are described in this document on the next pages.
The Payment Services Act also requires using of (at least) 2 different elements from the categories:
possession (e.g. Mobile phone), knowledge (e.g. PIN ) and inherence (e.g. Fingerprint, Iris-Scan)
for the payment order authorisation.
Therefore, starting from September 14th, when signing a payment order using mobileTAN (TAN via SMS),
user's PIN has to be entered (= categories Possession and Knowledge).
When signing with CardTAN, the PIN entry is omitted, since this is already done in the card reader.
When signing by means of digital signature, the PIN entry is omitted, since the signature password must
be typed in the card reader (card = category possession, PIN / signature password = category knowledge).
To meet all these requirements, we have released the new version 188.8.131.52 of the BusinessLine.
Changes in the Version 184.108.40.206
Systemdata – Communication Officer
The list of existing communication officers shows whether a certificate has already been created and sent to the bank computer. You can create, sign and if necessary revoke the necessary certificates via the "Edit communication rights" tab.
Record data administration
When using mobileTAN signature method, entering the PIN of the authorisee in addition to the mobileTAN
will be obligatory from September 14th, 2019. Until then, the input is optional.
Update of the Existing Version:
Check and/or make a note of the installation path of your current installation or the current database (click on "Software and System Information").
- In case you use a multi-user database, contact your IT department for the update.
- In case you also use the BusinessCash module in addition to the BusinessLine, please do not proceed with the update yet. You will receive BusinessCash in the near future.
- If you are a lawyer and manage electronic escrow accounts via Vienna Bar Association, please do not proceed with the update yet. The appropriate Trustee Module version will be available soon.
Go to BusinessLine 220.127.116.11 manual