Mandate final Report

səhifə	4/6
tarix	26.06.2016
ölçüsü	0.83 Mb.

1 2 3 4 5 6

4. The Mandate Implementation

The pilot banks were:

Royal Bank of Scotland, UK

ING Bank, The Netherlands

Nordvestbank, Denmark
The pilot users were the members of the consortium, all SME’s, users of cheques, who could see the potential benefit of Mandate in their own commercial operations.
The scenario was as follows:

Each bank was visited and the Mandate application installed. The bank was given the full functionality of the system, which allowed them also to issue cheques, and test out this aspect. The banks then issued Mandate^TM’s to their customers.

4.1 The Mandate^TM

The Mandate^TMwas for pilot purposes implemented on a diskette, although as mentioned, in a commercial application it would be created on a smartcard. Even though implemented in software, it still presented itself as the electronic equivalent of the cheque book with a set of blank cheques, the two sets of key pairs (signature and encryption) relating to the owner of the Mandate^TMand the public encryption key of the bank (for paying cheques into the bank).

4.1.1 Bank Functionality

Generation of new blank cheques

In addition to issuing the Mandate^TM’s to its customers the banks also generated new blank cheques when requested by the customer. These were sequentially numbered from the previously issued cheques. The cheques can only be loaded on to the Mandate^TMfor which they have been created and it will only be possible to load them once. These new cheques are sent to the user via e-mail.

In the pilot requests for new cheques were carried out manually. When the user was running short of cheques, each time he issued a cheque a message informing him that he should request new cheques from the bank would appear. In a commercial implementation it would be possible to automate this process, either by the bank automatically issuing new cheques once it had received a certain cheque number (eg 10 before the last cheque number) or by a request automatically being sent from the user to the bank once a certain cheque number has been issued.

Clearing Cheques

The pilot functionality did not cover the actual clearing of funds and was never intended to - but followed the same information flows as with the paper system, and assumed that the funds transfer mechanism would then be carried out by the current bank clearing systems, or new methods devised by banks adopting an electronic cheque system. Once the bank collecting the funds (the collecting bank) has received a Mandate electronic cheque it would endorse it to the bank from which it was issued (which as explained involves digitally signing it and encrypting the signature with the issuing bank’s public encryption key) and send it by e-mail. When this was completed successfully, the issuing bank will credit the funds and debit the account of the originator of the cheque.

4.1.2 User Functionality

The user has all the functionality that he has with a paper cheque in the pilot:

He could issue a cheque, by digitally signing it and encrypt it with the public encryption key of the person to whom he was issuing the cheque. This was attached and sent by e-mail.

He received cheques, and the software decrypted the signature with the secret encryption key and when the cheque was received successfully he could either endorse it on to another Mandate user or pay it into his bank account. Both these actions involved the endorse function by which the user endorsed the cheque with his digital signature and encrypted the signature with the public encryption key of the next recipient of the cheque (either the bank or another Mandate user), just as when he issued a cheque.

New blank cheque forms were received via e-mail, too.

4.2 Pilot Scenarios

The functionality of the Mandate cheque replicated the paper-based system, rather than reengineering it. However, in the Functional Specification certain potential functionality was identified, such as splitting cheques, which was not implemented in the pilot since it was felt by the pilot banks that this would cause an additional administrative burden in the reconciliation processes both at the banks and by the issuer of the cheque.
A set of scenarios was set up for pilot operation in order to test out certain aspects of the functionality of the Mandate system.
Firstly, in order to establish that the system was working correctly and that all the participants understood how the system operated, a straightforward set of cheques was sent from issuer to recipient and then through the banking chain.

4.2.1 Use of Signatures

A series of cheques was prepared where the issuer of the cheque signed the cheque with a signature other than that of the recipient. This was to show that only the person whose signature is used to sign the cheque would be able to use that cheque. When attempting to receive the cheque, the recipient received a message which indicated that the cheque could not be decrypted successfully and that perhaps the wrong signature had been used.

4.2.2 Endorsement

The pilot allowed for the cheque to be endorsed to another party. Whilst in today’s paper-based world this function is only in common usage in certain countries (eg Greece), it was felt that it would be an added functionality which may be useful. The history of the cheque was stored and could be viewed at any time through the Mandate application. A set of transactions was used to show this functionality, with up to four endorsements, although the system was set up to allow an infinite number of endorsements. Also tested was what happened if the cheque was endorsed to the wrong party. Here the result was the same as in the Use of signatures above, when attempting to receive the cheque an error message was received. This scenario also tested out what happened if the cheque was endorsed back to the issuer or someone earlier in the chain. As explained, the Mandate system is designed not to allow you to receive the same cheque twice, since this would enable double encashment. However, if the cheque history has changed and there are additional endorsements present on the cheque, the system accepted the cheque, as it should.

4.2.3 Stopped cheques

Because the Mandate system was not integrated into other bank applications, stopping of the cheque had to be carried out manually. The issuer of the cheque informed his bank by e-mail that he wanted a cheque that he had issued to be stopped. Once the cheque reached the bank, the bank sent the cheque back down the chain informing the collecting bank and its customer of the situation.

4.2.4 Returned cheques

Cheques may need to be returned for a number of reasons. The recipient of a cheque may return it because the amount is incorrect, or there is some other discrepancy. The issuing bank may return a cheque due to the lack of funds. For added security and to show in the history, the recipient or bank first received the cheque in the Mandate application and then endorsed it back to the party who had sent the cheque.

4.2.5 Mystery Error

To encourage challenges to the system, there were a series of cheques entitled ‘mystery error’. Here, the issuer would try to issue the cheque erroneously, for the recipient to try and work out what the problem was.

One of the challenges attempted was to change the data on the cheque. Once the cheque has been issued, it can be viewed as a series of letters and digits in ‘Notepad’ or similar application. Here, if the data is changed in any way after it has been signed the recipient, when trying to receive the cheque will receive a message that the contents of the cheque have been corrupted.

4.2.6 Breakdown of Mandate^TM

One of the most important aspects was that of key/cheque recovery. This was tested out during the pilot. The breakdown of a Mandate^TM was simulated and the following procedure carried out. When the bank produced the Mandate^TM on behalf of its customer, it kept a copy of that customer’s secret key. When the Mandate^TMbroke down the customer sent a copy of the cheques on the Mandate^TM at the time of breakdown to the bank. The bank had a function for the recovery of cheques which enabled him to decrypt the signature on the cheque by using the secret key. Once the bank had assured itself that it was a bona fide cheque he could credit the amount to the customer’s account. However, since it would be possible for the customer to pretend the Mandate^TM had broken down and still endorse the cheque on to some one else, to prevent this happening the bank waited until the cheque had expired and no other identical cheque had been paid in to the account before crediting the customer’s account. (This could also be handled through the customer indemnifying the bank in some way).

4.2.7 Cheque Validity Period

For the pilot period cheques issued were valid for a period of one month. Once this period had passed and someone tried to do something with the cheque, an error message indicating that the cheque was no longer valid would appear.