Offline Dataprovisioning in the EU

About File Transfer (Offline Data provisioning)

The account information of banks is provisioned to SurePay via encrypted files (*.PGP) through SFTP (Secure File Transfer Protocol), which are pushed periodically to a location provided by SurePay. This offline data provisioning method ensures secure transmission of sensitive data. The files should be uploaded encrypted and will be stored encrypted in the system, ensuring data protection at all times. When an account that was previously provisioned to SurePay is missing in a subsequent provisioning file, it will be deleted from the SurePay database. A request containing the corresponding IBAN will generate the response 'IBAN inactive,' indicating the account's removal from the system.

How does it work?

The SurePay dataprovisioning system processes the uploaded data files once they are placed in the appropriate location. The system then merges the information into its cache, allowing for efficient retrieval and access to account information.

It's important to note that this interface supports deliveries of full datasets only. Incremental updates are not supported, meaning that the entire dataset needs to be provided in each delivery. This ensures consistency and eliminates the need for partial updates. SurePay will only store the bank's files until the processing is completed. Once the files have been processed, they will be deleted from the system. Throughout the entire process, encryption measures, both at rest and in flight, are applied to maintain data security. This ensures that the files remain encrypted during storage and are only decrypted as part of the data processing phase, providing end-to-end protection.

Connection

  • The files are uploaded to SurePay using the Secure File Transfer Protocol (SFTP), ensuring a secure data transmission process.
  • The communication between the bank and SurePay is protected by the SSH protocol, which provides a secure channel.
  • For authentication, a 4096-bit private key is used. It is essential that the bank generates a compatible key pair that can be used with an AWS SFTP Server.

Delivery format

To start with the delivery format it is relevant to understand the structure of the folder and files expected from both sides when the connection has been established.

Folder structure

For data provisioning, each party involved will have their own dedicated folder on SurePay's SFTP (Secure File Transfer Protocol) server.

  • The root folder will contain two expected files: the "metadata.json" file and the public key used for signature verification. These files are essential for the provisioning process.
  • The account files provided by the bank will be placed in a specific folder called "AccountFiles".
  • To organise the data, the bank is required to create a new folder within "AccountFiles".
  • The name of this folder should follow a specific naming convention, using the date format: "YYYY-MM-DD".