Secured transactions

Files are used to send money transaction data between banks. Companies also use such files to send transaction data to Bankgirot, Plusgirot and to their banks.

Different types of files are used for salary, autogiro and vendor payments. Other important types are used for electronic invoices (e-invoice) and for direct bank payments on web sites.

Different methods can be used to secure the files. An important method is to use a checksum (digital seal) calculated by a hash algorithm. Two such algorithms are used today, Sigillet and HMAC. The Sigillet algorithm has been used since 1981 and is today used by for instance Swedbank, Nordea, Bankgirot, Plusgirot and the Swedish Customs. Companies use the algorithm for security when they send files to for instance Bankgirot.

Some banks also support HMAC which has been introduced lately.

Verimation is the only company which has products based on both the Sigillet and HMAC algorithms.

Input to the algorithms is data from the file together with a user specific secret key. The result is a string of characters called the SEAL which is appended to the file.

To verify that the information has not been modified, a new SEAL is calculated in the same manner and compared with the original SEAL appended to the file. If they two correspond, the information contained in the file has not been altered. This assures that the data has not been manipulated and the sender used the correct secret key.