How do we securely handle your consent to execute payments on your bank account?
Hi, my name is Sven Beauprez and I am responsible for all things technical at the TOCO Platform.
As you could read in previous blogs and will be able to read in future ones, TOCO is meant to be your one-stop shop for all your company administration, including payments, without the need to go to your banking application. And this not only for Belgium, but throughout the whole European Union (and also the UK). In this post I lift a corner of the veil on a part of our security that is crucial for banking integrations, especially for payment initiation, and which was approved by the National Bank of Belgium (NBB).
TOCO aggregates a lot of data from different systems, such as retrieving your accounting information from accounting software and your financial transactions from banks. At the same time, we upload data and trigger actions on those systems, such as uploading invoices ready to be processed by your accountant and payments to be processed by your bank.
All those integrations require end-user consent, and we need to make sure that you, and only you, are able to retrieve your data and that you, and only you, can execute actions on your data (e.g. pay with your bank account).
We only have deep integrations with external systems that can be set up securely. For banks, this is fine and most banks are ready to set up this integration (they have to, because of the European PSD2 directive). For accountancy systems, this is a different story. Not all those systems are ready for secure deep integrations. If you are an accountant, please contact our support team to find out which accountancy software we support today and which packages are on the roadmap (we co-operate with a few of the vendors to make their software more secure).
For all supported deep integrations, we use the same high security standard, which means accountancy system integrations are on the same high security level as banking integrations. When an integration is set up with a bank, for example, we need to get your consent to be able to read account information and to initiate a payment with your bank account. When you give us this consent, we get a unique key (token) for you from your bank to use in future conversations with your bank.
You can compare this key/token with a unique key to an office building. The owner of the key is known, and you can easily track when the owner has entered the building. The same holds for the consent token you gave us via your bank: when we use this token to initiate a payment on your account, every party knows exactly that you – and only you – initiated this payment on TOCO – and only on TOCO – and for that specific account – and only that account. TOCO receives consent tokens from a lot of different users, so we have to be very careful with what we do with those tokens.
Now a bit more technical depth on how we securely store this token in our backend. We use a vault in which tokens are stored encrypted. The encryption keys used to encrypt the tokens are themselves encrypted with a master encryption key, and the vault can only be unsealed via that master key. That’s already a lot of encryption, but it does not stop here!
The master encryption key, needed to access the vault data, is in turn encrypted by a key management system (KMS) and can only be decrypted with the KMS. The KMS holds the cryptographic keys used for encrypting and decrypting data.
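As an added illustration of the layered storage described above (this is example code written for this post, not TOCO's own implementation; the in-process KMS type, the Vault and Record names and the user ids are assumptions made for the example): each consent token is encrypted under its own data key, each data key is wrapped by the vault master key, and the master key is persisted only in KMS-wrapped form, so nothing in the store is readable without first asking the KMS to unseal it. The example goes a little beyond the post by binding the user id into the authenticated data at both layers, so a record moved into another user's slot fails to decrypt instead of yielding a token for the wrong account.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randomBytes draws n bytes from the OS CSPRNG (crypto/rand.Read never returns an error since Go 1.24).
func randomBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b)
	return b
}

func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key in this file is 32 bytes, so this is a programming error
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for a 16-byte AES block
	return gcm
}

// seal encrypts plaintext with AES-256-GCM and prepends the random nonce; aad is authenticated but not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	gcm := mustGCM(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; any change to the ciphertext, the key or the aad fails authentication.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm := mustGCM(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

type KMS struct{ rootKey []byte } // stands in for the key management system (hypothetical, in-process); rootKey never leaves it

func NewKMS() *KMS                                   { return &KMS{rootKey: randomBytes(32)} }
func (k *KMS) Wrap(master []byte) []byte             { return seal(k.rootKey, master, []byte("vault-master-key")) }
func (k *KMS) Unwrap(wrapped []byte) ([]byte, error) { return open(k.rootKey, wrapped, []byte("vault-master-key")) }

type Record struct{ WrappedDEK, SealedToken []byte } // per user: its data key (DEK) wrapped by the master key, and the token encrypted under that DEK

// Vault persists only the KMS-wrapped master key and the records; the plaintext master key is in memory only while unsealed.
type Vault struct {
	WrappedMaster []byte
	Records       map[string]Record
	master        []byte // nil while sealed
}

func NewVault(kms *KMS) *Vault {
	return &Vault{WrappedMaster: kms.Wrap(randomBytes(32)), Records: map[string]Record{}} // starts sealed
}

// Unseal recovers the master key through the KMS; without KMS access the stored tokens stay unusable.
func (v *Vault) Unseal(kms *KMS) (err error) {
	v.master, err = kms.Unwrap(v.WrappedMaster)
	return err
}

// Store encrypts the token under a fresh DEK and wraps the DEK with the master key; the user id is AAD at both layers.
func (v *Vault) Store(userID, token string) error {
	if v.master == nil {
		return fmt.Errorf("vault is sealed")
	}
	dek := randomBytes(32)
	v.Records[userID] = Record{
		WrappedDEK:  seal(v.master, dek, []byte(userID)),
		SealedToken: seal(dek, []byte(token), []byte(userID)),
	}
	return nil
}

// Retrieve unwraps the user's DEK with the master key, then decrypts the token with the DEK.
func (v *Vault) Retrieve(userID string) (string, error) {
	r, ok := v.Records[userID]
	if v.master == nil || !ok {
		return "", fmt.Errorf("vault is sealed or no consent token for %q", userID)
	}
	dek, err := open(v.master, r.WrappedDEK, []byte(userID))
	if err != nil {
		return "", err
	}
	tok, err := open(dek, r.SealedToken, []byte(userID))
	return string(tok), err
}

func main() {
	kms := NewKMS()
	v := NewVault(kms)
	fmt.Println("unseal:", v.Unseal(kms), "store:", v.Store("user-42", "consent-token-EXAMPLE")) // constructed sample token
	fmt.Println(v.Retrieve("user-42"))
}
```

Run it with `go run`; a fresh vault refuses Store and Retrieve until Unseal has obtained the master key from the KMS, a vault restored from its persisted fields cannot be unsealed by a different KMS, and copying one user's Record into another user's slot fails authentication because the user id is part of the AAD of both the wrapped DEK and the sealed token.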
This is only the tip of the iceberg of the security measures we took, and our whole security setup was reviewed and approved by the National Bank of Belgium (NBB). This setup has been in place since day one, in spring 2019. Security is not an afterthought at TOCO.