Blog article
See all stories »

3SKey-Securing the Payment Chain

What is 3SKey?

3SKey is a SWIFT solution that provides a single token solution for corporates to "sign" payments sent to their banks.  A “token solution” usually refers to something like a USB token that customers with bank specific e-banking applications would use to "sign" or approve payments for release to the bank. This act of signing essentially tells the bank receiving the file of payment or payments that it was signed and released by a known person within that company. The goal is to secure the payment chain between the corporate and the bank.

Large corporates with many different e-banking solutions might have numerous physical tokens, to the point where, for companies that have moved their payments to a shared service centre, desks could be covered in them.  At that point the original purpose of having tokens in the first place seems to disappear. Once a company had evolved towards a payment factory domain where they replaced those e-banking solutions with the payment factory solution for all payments, one missing piece was a single token that could be used across the different banks.  SWIFT’s 3SKey solution enables corporates to replace all of those different bank-specific tokens with one industry-wide token that should, in time, be supported by all the banks. 

Do many banks support it?

Support is not yet very widespread.  There has been good take-up in France because of the replacement of their old corporate-to-bank protocol (ETEBAC) with either SWIFT or EBICS.  EBICS comes with a ‘signing’ solution using digital signatures and SWIFT understood that in order to get more French corporates on board, they needed to support them in their requirement to digitally sign payments. Consequently, adoption among the French banks is pretty high, allowing corporates on SWIFT to be compliant.  Outside of France, take-up has been slower, so it’s not a global solution yet.  There’s inevitably some work that banks have to do to support it, so it will likely take some time.

Can companies also use 3SKey for their internal signing and auditing purposes?

Companies might look at 3SKey and think that it is not a perfect solution because many of their banks don’t support it. However, they have the option to use a single token solution or a secure signing solution within their company even if their bank doesn’t support 3SKey.  There are many token solutions out there that Corporates can use to meet their two factor authentication requirements.  SWIFT are now saying that companies can use this solution for their internal signing as well as external, so they really just have one token for their entire business.  SWIFT want to ensure that Corporates are aware that they can use it for internal signing needs even if not all of their banks support it today.  One outstanding question regarding the viability of this is cost – is the cost of 3SKey to the corporate competitive with the other solutions on the market?  Ultimately, this will have an impact on the directions that Corporates take.  But, one thing is for sure, the more Corporates that use 3SKey as their single token solution, the more pressure there will be on their banks to support it.


Comments: (0)

Now hiring