Member Charter

From documentation SEPAmail
Jump to navigation Jump to search
This page is a translated version of the page Charte de l'adhérent and the translation is 95% complete.
Outdated translations are marked like this.

Modèle:TOC:security

Introduction

The SEPAmail member is a key player in the service offer of the SEPAmail secure messaging service. The member must therefore adhere to different rules in order to ensure compliance with the quality and security levels provided by the messaging service:

  • availability
  • authentication
  • confidentiality
  • traceability
  • date and time stamp
  • integrity
  • supervision

The 4-Corner Model

  • In this model, the SEPAmail member provides services to its customer with which it has a contract.
  • To reach its customer’s counterparty, the SEPAmail member establishes contact with the counterparty’s SEPAmail member.

The rules related to the SEPAmail messaging service are defined between 2 SEPAmail members. They are ALSO applied in the event that the counterparty and the customer have the same member (this is also the case for traceability rules).

Each member undertakes to strictly comply with the 4-corner model. In particular, a member cannot process a Report message if it has not seen the related Request message.

Relationship between the SEPAmail Member and its Customer

  • Regarding the exchange of data with its own customer, the SEPAmail member undertakes to apply the same quality and security levels as required for exchanges between members.
  • Operational implementation may use the SEPAmail standard and the SEPAMAIL.EU procedures (Scheme Manager) without this being a requirement
  • Nevertheless, the Scheme Manager can take more restrictive actions in relation to all SEPAmail members in the event of practices detrimental to the security and image of the SEPAmail network.


Membership

  • Any entity managing a BIC, which has requested membership in the SEPAmail structure, and which has received approval for this application from SEPAMAIL.EU, is entitled to become a SEPAmail member.
  • A SEPAmail member must indicate the ecosystems it is able to process and must also indicate the digital signature and encryption certificates of the missives.
  • Due to its contractual relationship with SEPAMAIL.EU, the SEPAmail member accepts the legal probative value of its signature provided that it signs a missive with the certificates it has declared. Given this contractual relationship model, the network of SEPAmail members are freed from dependence on market tools of third party certification authorities. In particular, regarding restrictive rules shared by all in terms of certificate class guarantees only about this issue of the probative value of the signature.
  • If necessary, the SEPAmail member indicates the blocked CRL of its certificates.
  • The Scheme Manager can ask a member to use a CRL shared by the members and managed by the Scheme Manager.
  • The SEPAmail member must implement state of the art mechanisms to protect against any compromise of the secret keys associated with its certificates. In the event of a compromise, the SEPAmail member undertakes to update the CRL (Certificate Revocation List) as quickly as possible. The compromise of private keys, the absence of quick and appropriate action or the non-implementation of the Charter are considered valid reasons for the exclusion of a member (as stipulated in the membership contract).

Membership certificates are therefore known in advance by all other members in a Scheme Manager reference document and reciprocally. Only known certificates are accepted in data exchanges.

To ensure supervision, the member undertakes to provide statistical data to SEPAMAIL.EU in compliance with the specifications of the standard.

SEPAmail Members – Receiving a Nominal Missive

Availability

  • SEPAmail members are required to provide a 24/7 service for receiving SEPAmail missives.
  • Time availability (actual time of availability/total time of availability) is subject to the rules defined by the Scheme Manager.
  • Transaction availability (number of missives processed/number of missives sent) is subject to the rules defined by the Scheme Manager.
  • Response time (time between the sending of the nominal missive and the receiving of the first acknowledgement missive) is subject to the rules defined by the Scheme Manager.
  • The Scheme Manager may have to implement control test flows regarding availability. In this event, the proportion of the test flows is to be negligible in relation to production flows.

Traceability of Data Received for Customers

  • A SEPAmail member is required to send back an acknowledgement of receipt for each missive it receives (in the form of an acknowledgement missive), which is in compliance with the time frames defined in the standard and according to the priority level of the missive.
  • The acknowledgement missive indicates the stamp of the corresponding nominal missive as well as the date and time.
  • Independently of the other missives, the SEPAmail member must be able to store and produce either for its customer or for the counterparty’s member, the nominal missive it received AND the corresponding acknowledgement missive, as well as the related signature elements in the envelope format defined by the SEPAmail standard. This requirement is applied for a temporary period (1 year maximum) depending on the standards to be defined by SEPAMAIL.EU.
  • The SEPAmail member is required to store the time/date stamps of the missives for longer periods of time (10 years or more, depending on the service) in the event of an arbitration based on the data provided by the users.

The Scheme archives all the signature certificates provided by the SEPAmail members for future verification, if necessary.

Confidentiality

  • The SEPAmail member can decrypt the missives it receives only if the confidentiality of the decrypted data is ensured.
  • The SEPAmail member is authorized to process unencrypted data it receives provided that the confidentiality of the data is guaranteed. The guaranteed level of confidentiality is identical to the level defined in the law related to banking secret obligations (insert relevant article from the law).
    • If the member is a bank, it must therefore treat the received data as banking data.
    • If the member is not a bank, it must therefore implement appropriate mechanisms for the required level.

Authentication of the Sending Member

  • For each missive, the SEPAmail member must perform the controls described in the standard, especially related to the signature and certificate. It must react in an appropriate manner (negative acknowledgement) in the event of an inaccuracy.
  • The SEPAmail member must verify the CRL of the other members at least once a day.

Management of User Data

  • The SEPAmail member is required to propagate the user data without making any changes or additions other than those specified and authorized by the standard. In particular, the member undertakes to propagate the user data it receives even if it is defined as optional in the standard.

SEPAmail Member – Transmission of Nominal Missives

Availability

  • The SEPAmail member must implement the opening of the SEPAmail missives transmission service according to the service offer it has contracted with its customers.
  • The SEPAmail member must implement the relevant counters to monitor the weighted availability of the servers of the SEPAmail members which receive missives (number of acknowledgement missives received/number of nominal missives sent). Additional indicators may be defined by the Scheme Manager.

Traceability of Data Sent on behalf of Customer

  • The SEPAmail member must send customer data encapsulated in a missive which is compliant with SEPAmail standards and which indicates the date/time and checksum of the data.
  • The SEPAmail member must wait for an acknowledgement missive in compliance with the standard defined by the norm and must re-transmit the missive, if necessary.
  • Independently of the other missives, the SEPAmail member must be able to store and produce either for its customer or for the receiving counterparty’s member, the nominal missive it received AND the corresponding acknowledgement missive, as well as the related signature elements in the envelope format defined by the SEPAmail standard. This restitution of data must include all the relevant re-transmitted missives in the event of the non-reception (or deferred reception) of the acknowledgement missive.

Confidentiality

  • The SEPAmail member is bound to the same obligations for the sending of data as those defined for the receiving of data.

Authentication of the Recipient Member

  • The SEPAmail member must use the recipient member’s certificate, i.e. the certificate corresponding to the BIC of the TO of the missive which was sent.
  • The SEPAmail member must monitor the CRL of the other members at least once a day.

Management of User Data

  • The SEPAmail member is bound to the same obligations for the sending of data as those defined for the receiving of data.

Other languages:
Retrieved from "https://documentation.sepamail.org/index.php?title=Charte_de_l%27adhérent/en&oldid=4652"