1. Introduction

This document specifies the state-of-the-art technology and Software features as well as the corresponding service levels on the date specified on the title page. These specifications are subject to regular modifications and enhancements. BELLIN will always ensure that existing services will at a minimum continue to meet the service levels as described in this document.

 

2.  System Modules and Components and General System Services

BELLIN’s tm5 is a modular system fully provided in the BELLIN Cloud. Customers may select suitable modules and components for their company. Available options are outlined in the proposal. Additional modules can always be licensed and added at any time.

Any number of users and companies in a corporate group can work with the web-based tm5 platform. Prices listed in the proposal always apply to an unlimited number of users and/or companies, unless expressly agreed otherwise. The monthly subscription fees include both usage rights and maintenance services consisting of Software maintenance and the Support Helpdesk.

Maintenance automatically includes the BELLIN tm5 Software as well as any Updates and Releases provided by BELLIN at regular intervals. It also entitles a customer’s central treasury department to call the Support Helpdesk in case of questions regarding system use. Treasury and process consulting is offered and provided by BELLIN consultants in addition to services provided by the Support Helpdesk.

The customer shall take full responsibility for providing users with a compatible web browser (Microsoft Internet Explorer 11.0, Microsoft Edge or Google Chrome) and access to the system via internet or intranet to enable them to fully use the Software pursuant to their respective authorization rights.

 

3. Consulting Services

The needs associated with implementation projects can differ greatly from one customer to another. To assist in the best possible way with the introduction of tm5, BELLIN therefore offers a wide range of services as required. These range from configuration support and comprehensive guidance for introducing the system to expert treasury consulting.

Depending on the scope of the project and the customer’s needs, project support is provided at the customer’s premises and/or on a remote basis. This flexibility means, on the one hand, that projects can be implemented very efficiently in a short space of time. On the other hand, it ensures that comprehensive project support including process and specialist consulting can be provided, if required by the customer.

Of course, there is no one-size-fits-all approach to system implementation which meets all project requirements in all cases. Depending on the know-how and the needs of the customer in regard to our treasury management system, projects consist of three different consulting components.

 

3.1 Get Started – Configuration

The first component of the project involves us guiding you through system navigation, general master data entry and, using examples, the various ways of entering items in tm5. These initial aspects are covered in web sessions to provide you with a flexible, quick and easy introduction to tm5.

 

3.2 Joint Implementation

The second component of the project – Joint Implementation – sees us focus on your existing processes, the mapping of workflows in tm5 and other requirements of tm5 implementation at your company (e.g. user rights and roles model, etc.). Based on your requirements, these aspects can also be discussed or implemented via remote and/or conventional onsite meetings. We usually plan for this project phase to start four to six weeks after the start of configuration.

Support for this second component of the project is provided by a consulting team which is decided on in advance and may consist of two or more consultants depending on the size and complexity of the project.

 

3.3 Treasury Consulting

In addition to these two components, we offer comprehensive consulting which aims to optimize treasury operations. Some prominent examples are optimizing global payment processes, and drafting and writing treasury guidelines and specifying processes to ensure treasury compliance and security (for example segregation of duties).

BELLIN offers additional project management services at different service levels (Elemental, Standard and Enhanced). These are listed in a separate section of the proposal as add-on services for system implementation.

Scoping activities are further examples of additional consulting services.
A scoping exercise at the beginning of a project is a valuable part of the project to evaluate and define specific requirements, procedures and processes prior to system implementation. The findings from a scoping phase are documented in writing and used as a basis for implementation.

Among the various consulting projects BELLIN conducts on a regular basis, the Review Day has also proven to be particularly valuable. Once the project has been completed, users begin their daily work with tm5 and the customer’s contact with the consultant decreases. Employees join or leave the team, processes change constantly, while initially established routines have taken root.

The Review Day serves to optimize established processes and to uncover untapped potential in relation to using the Software.

 

4. Cash Management

LMCASH and LMSTATUS

Cash Management with Financial Status

Short-term Planning of Current Accounts and Liquidity Evaluation in Relation to Key Dates
Cash management is one of the fundamental tasks of every treasury. Treasurers use this component to determine expected balances of all current bank and clearing accounts. Users can process electronic bank statements in various formats (e.g. MT940), compare planning data with account statements, review account balances based on various criteria, and determine optimal cash forecasts using planned transactions e.g. MT 942 files. LMCASH is the component for daily cash management.

The financial status LMSTATUS processes the cash and contract management data already available in tm5 simply and quickly. It provides an overview of the liquidity status or the utilization of lines of credit at any level and for any part of the corporate group in real time or for any specified period of time based on a number of filters in conjunction with the Financial Instruments module. The financial status is a good example of reporting “embedded” in tm5. This achieves true global transparency at the push of a button.

 

5. Bank Connectivity

5.1 Project

5.1.1 Overview

tm5 offers various banking communication standards, both domestic (e.g. EBICS, FTX, MBS) and international (e.g. SWIFT) as well as proprietary (host-to-host) connections. As a rule, a communication channel is used in combination with one or several file formats to exchange data.

 

For the new price model that is available as of April 1, 2019, variable costs for bank connectivity will be charged based on bank groups and bank accounts. The following definitions apply:

  • Statements only
    • Customers are charged for accounts activated in the month in question which were only set up for statements and not for payments. The specified number of accounts is included in the package and each account in excess of this number is charged in addition to the package price.
  • Payment and statements
    • Bank group: The costs for bank groups will be charged for all bank groups set up in the month in question, in addition to the package prices, which are designed for a maximum number of bank groups. A bank group is defined as one group of banks receiving one harmonized file set for payments via one single channel, e.g. Deutsche Bank. Citi and Banamex are considered two additional, separate bank groups.
    • Payment accounts: Account fees will be charged for all accounts activated for payments in the month in question, in addition to the package prices, which are designed for a maximum number of accounts. Billing is based on active bank accounts set up for payment. If an account was active on any given day of a month, it is included for that billing period.

Fees will be charged from the month in which bank connectivity is successfully established. For successful bank connections, the banks need to offer communication using international standards (SWIFT or host-to-host) or national standards (e.g. EBICS). In addition, they need to be able to process MT101 or formats based on XML ISO20022. During a project, BELLIN will start with the banks which have previously been successfully connected by BELLIN.

5.1.2 The Elements Involved in Payment Projects

5.1.2.1 Communication Setup:
  • SWIFT onboarding, H2H connectivity and/or EBICS communication
  • Support and guidance for completing contract documents and questions about these documents
  • Installation of communication channels and setup of BIC/certificate/EBICS payment gateway

 

5.1.2.2 Operation of Communication and Formats:
  • Participation in coordination phone calls
  • Technical setup of banks, SWIFT onboarding of banks, setup of EBICS IDs including a test environment if necessary
  • Testing of MT101 or XML files and coordination with customer IT teams and banks – if necessary/possible
  • Licenses for all formats and development of formats
  • Third-party and internal communication costs such as SWIFT (independent of volume)
  • Conversion from the BELLIN csv format to the bank-specific ISO20022 XML format
  • Adaptation of formats in the event that a new description is submitted to us by the bank/customer
  • Technical payment support

 

5.1.2.3 Bank Communication Configuration
  • Standard setup of tm5 in the master data
  • Definition of signing authorities
  • Configuration of LMPAYMENT master data

 

5.1.2.4 Additional Services Not Included in the Monthly Costs for Use of the tm5 Software
  • Scoping
  • Project management, status reports, etc.
  • Coordination of appointments for the customer or the banks
  • Documentation of any kind such as in relation to formats, connectivity or configuration

5.1.3LMPAYMENT

Payments – Four-dimensional Payments

This component integrates electronic banking for all group companies on a single treasury platform. It supports payments in all four dimensions – multi-country and multi-bank transactions for both domestic and cross-border payments. LMPAYMENT is more than just a payment factory; it represents the basis for local and global electronic banking for organizations of all sizes. In addition to the basic component, an extensive payment format library is available, and formats can be selected accordingly. The component covers the full process, starting with the entry of manual payments or the processing of payment files in the corresponding formats licensed. The payment is then authorized following a multidimensional authorization process which is managed in tm5, fully independently of the authorization rights on file at a bank. Subject to the established technology, payment orders can then be transmitted to any bank worldwide for execution.

 

Payment orders may be executed on bank accounts at third-party banks or on intercompany accounts.

 

6. Financial Instruments

6.1 Module

6.1.1TTCONTRACT

Interest, FX and Commodities – Managing Treasury Transactions/Contract Management
In TTCONTRACT, users manage, document and evaluate any treasury deals based on various methods. These include FX deals (Spot, Swap, NDF or different kinds of Options), commodity management deals (Forwards and Futures), short and long-term interest deals (Money Market Deals, Loans, Interest Swaps) but also the management of lines of credit, leasing deals or collateral. In addition to managing deals, TTCONTRACT also focuses on intercompany processes that help meet all security and compliance requirements. These include, for example, separation into type of deal, entry, evaluation and the necessary reconciliation with the respective counterparties.

 

6.1.2TTDEALING

IC Trading Platform – the Electronic Trading Platform

The component TTDEALING forms the basis for the agreement of deals between group companies or with third parties. A particular focus is on agreeing and optimizing the processing of intercompany lines of credit, FX and interest deals as well as securities. In TTDEALING, interfaces to trading platforms, such as 360T, Bloomberg or FXall, can be set up. TTDEALING also supports electronic transaction matching and ensures timely and transparent planning.

 

TTGUARANTEE

Management of All Guarantees

In addition to typical treasury transactions, TTGUARANTEE provides users with a very detailed overview of bank, group and received guarantees. Fees are calculated automatically and transferred to Cash Management for monitoring. TTGUARANTEE supports intercompany processing of guarantees on behalf of.

In addition to managing guarantees, users can also apply for guarantees from banks electronically via an additional service in connection with the BELLIN SWIFT Service directly from tm5 and have them confirmed by the bank. This replaces paper-based applications.

 

TTLC

LC Management – Managing the Import and Export of Letters of Credit (LC)

This component fully supports LC management and related individual shipments. This includes fee calculation and commercial cash flows. Full integration of this data in credit line utilization or cash management is ensured.

In addition to managing LCs, users can also apply for LCs electronically via an additional service in connection with the BELLIN SWIFT Service directly from tm5 and have them confirmed by the bank. This replaces paper-based applications.

 

TTGL

Accounting – Preparation of Data for Accounting

TTGL connects treasury and financial accounting. This component ensures accounting record reconciliation for valuations or deferred interest as well as determining booking instructions.

 

6.2 Add-ons

6.2.1 Trading Platforms

6.2.1.1 Interface with 360T Trading Platform

An interface with the electronic trading network 360T enables users to transfer XML files of traded transactions directly to tm5. All data relating to concluded transactions thus becomes available in tm5 for later analysis. This saves users the work of manually entering these transactions. For further processing in tm5, several fields in 360T need to be configured in advance. A prerequisite for using 360T is a 360T platform license with the provider. A technical requirement for using 360T in tm5 is a license for the Financial Instruments module. After the transfer of transaction data from 360T to tm5 has been configured, both manual and automatic transfers are possible.

 

6.2.1.2 Interface with FXall Trading Platform

An interface with the FXall Trading Platform allows for the CSV-based import of traded transactions in tm5. All data relating to concluded transactions thus becomes available in tm5 for later analysis. This saves users the work of manually entering these transactions. For further processing in tm5, several individual fields need to be configured in advance in order to correctly identify trading partners and type of deal and include them in tm5 accordingly.

A prerequisite for using FXall is an FXall license with the provider. A technical requirement for using FXall in tm5 is a license for the Financial Instruments module. The format of the CSV file is defined by FXall and customers must apply to FXall to obtain the format.

 

6.2.1.3 Interface with Bloomberg Trading Platform

An interface with the Bloomberg electronic trading network allows for the CSV-based (v2.4 or v2.12) import of traded transactions in tm5. All data relating to concluded transactions thus becomes available in tm5 for later analysis. This saves users the work of manually entering these transactions. For further processing in tm5, several individual fields need to be configured in advance in order to correctly identify trading partners and type of deal and include them in tm5 accordingly.

A prerequisite for using Bloomberg is a Bloomberg platform license with the provider. A technical requirement for using Bloomberg in tm5 is a license for the Financial Instruments module. BELLIN configures the delivery of deals to a specific network location in the customer network. The import into tm5 is then initiated directly in tm5’s Bloomberg component with deals requested from the network and recorded in tm5.

In addition, deal requests can be generated in tm5 to be exported as CSV files. Deal requests can then be imported to Bloomberg FXEM. To do so, a “DEALREQUESTID” must be configured as a “note field” in the Bloomberg system. This enables users to connect imported deals with a deal request in tm5. It is possible to automatically generate back-to-back deals wherever an internal tm5 client has been assigned to a deal request.

 

6.2.2 EMIR

A direct connection from tm5 enables customers to report derivatives directly from tm5 to the trade repository REGIS-TR without having to maintain an individual company account with REGIS-TR. Reports for all deals with banks as well as group companies are created and transmitted. The price for the service covers the first 5,000 successful reports p.a. Additional reports are invoiced in packages of 1,000. Please note that FX derivatives generally only require one report, whereas several reports per deal are required for commodity futures.

 

It is the responsibility of the customer to ensure accurate and complete reporting when using the BELLIN EMIR Service. Customers can apply for a separate, read-only account at REGIS-TR in order to double-check the reported data. BELLIN assumes no liability for the accuracy and completeness of REGIS-TR reports.

 

6.2.3 Matching

The term “matching” refers to the mutual electronic confirmation of transactions between companies and banks. The BELLIN Matching Service covers the exchange of messages in connection with FX deals (SPOT, SWAP, Forward, NDF and barrier options) as well as Money Market Deals. tm5 provides a direct overview of any deals for which messages were sent as well as the successful confirmation by the bank or a possible mismatch. The system compares data automatically, which means that changes to matching deals are either not possible or immediately obvious.

 

The BELLIN Matching Service lets companies create and send electronic messages to the connected banks to confirm transactions. They can also collect these confirmation messages from the respective banks. There are three essential requirements for using the BELLIN Matching Service:

  • The customer has licensed the Financial Instruments module and uses it to manage the respective transactions and all relevant data.
  • The customer has access to SWIFT via the BELLIN SWIFT Service. In this case, the SWIFT Network can be used to exchange messages with the customer’s banks.
  • The BELLIN Matching Service was ordered and has been configured by a BELLIN consultant.

 

When establishing the BELLIN Matching Service, it is important to note that at least three parties (SWIFT/bank/BELLIN) will be involved.

  • BELLIN needs to install and configure the functionality in tm5.
  • The bank needs to be informed and be capable of receiving and processing confirmation messages (MT3xx) from the customer via SWIFT. In turn, the bank will also be able to send confirmations to the customer’s SWIFT Code.
  • The BELLIN SWIFT Service not only has to be set up by BELLIN but also needs to be activated by SWIFT.

 

It is to be expected that it will take a few days or weeks to coordinate the parties involved before messages can be exchanged smoothly. An accurate prediction of the project duration is therefore not possible but it should take no more than a few weeks.

 

The Bank Connectivity subscription is a requirement for this service. An agreement with the bank regarding the acceptance of payment orders is not required for the exchange of confirmation messages.

 

6.2.4 Risk Analysis

6.2.4.1 TTRISKWATCH

Risk Management – Mathematical Analysis of Financial Risk

Sensitivities or Value-at-Risk can be calculated and simulations carried out in this add-on. It forms the basis for a mathematically predicted risk analysis and is an important element of overall risk management within the framework of IFRS reporting obligations.

 

7.  Forecasting and Planning

7.1 LMPLANNING

Liquidity Planning – Medium to Long-term Forecasting/Liquidity Planning

LMPLANNING enables a long-term forecast of liquidity developments for each company, department or the entire group. On one hand, past payments and cash flows are evaluated for future use based on individually defined planning categories and planning structures; on the other hand, future payments are planned, processed and evaluated based on various different scenarios. The results in LMPLANNING are then available for corporate risk management, in particular in combination with refinancing contracts (funding) or currency hedging (hedging), and efficiently facilitate analysis of financial plans e.g. plan/plan, plan/actual or plan/forecast comparisons.

 

8.  Multilateral Netting

8.1 ICNETTING

Reconciliation – Reconciliation of Intercompany Invoices

The ICNETTING component of tm5 serves to optimize intercompany reconciliation – between all group companies and for all users. BELLIN customers are no longer limited to receivables or payables-driven netting. Instead, they can harness the full potential of AGREEMENTDRIVENNETTING®.®.

 

Reconciliation of Intercompany Cash Flows

In ICNETTING, users organize all cash flows within the group processed via the netting center or related sub-centers. This component also helps users calculate netting statements and organize the resulting intragroup payment transactions to conclude the netting process.

 

8.2 ICDISPUTE

Professional Dispute Management

This component allows systematic dispute management at invoice level and provides users with a structured escalation process within the group to come to a solution. It lays the foundation for ensuring the automatic and obligatory integration of different management levels. Disputes are solved quickly and remain transparent and analyzable.

 

8.3 ICBALANCES

Intercompany Balances – Reconciliation of Intercompany Balances

At the end of an accounting period, this component completes the reconciliation process between group companies prior to balance sheet and P&L preparation. It handles an essential task for achieving fast close and serves to complete the reconciliation process.

 

 

9.  Add-on Services

9.1 BELLIN Connect

BELLIN Connect is a mobile app that quickly connects treasury teams to their tm5 information and allows them to act on it. It is an easy-to-use tool and interface with tm5 for performing tasks and viewing data from smartphones and other devices which operate with Android/iOS.

 

9.2 Cloud Service: SaaS Service Level

tm5 can be used without any on-site installation. tm5 can be hosted independent of or on the same server as the payment gateways which are used for processing payments and forwarding them to the banks.

 

9.2.1 General Scope

BELLIN carries out the installation work and provides any hardware and software components required for operation and monitoring of tm5. BELLIN decides which hardware components and software systems are used for running the server and the application as well as for data backup. Only components that support the running of the system and meet security standards are used. BELLIN Cloud Services are regularly monitored within the framework of security checks and certifications and constantly updated to meet state-of-the-art technology requirements and guarantee data protection and security.

 

Any work covered by license and maintenance agreements in connection with the required operating system and database, as well as regular backups and storage of backups, are performed as follows:

  • Daily for the current and previous week
  • Weekly for the current and previous month
  • Monthly for the current and previous year

 

Daily 24h availability of the live system or availability in accordance with the respective service levels detailed below is presumed for operating server and application. This does not apply to times of generally restricted internet availability and/or access by users. Maintenance and backups performed by BELLIN do not impair availability.

 

BELLIN supplies the necessary SSL certificates or an alternative secure operating medium with PCI compliant 256-bit HTTPS encryption.

 

9.2.2 System Uptime Monitoring

BELLIN offers Cloud services for its customers’ treasury applications. Depending on the Cloud agreement, customers are guaranteed a specific minimum availability of the application. However, customers cannot easily measure whether this guaranteed uptime has been maintained.

 

BELLIN offers system uptime tracking by a neutral, third-party provider specializing in this service. BELLIN reserves the right to change service providers at any time. This service tries to access the selected website from one of multiple “probing servers” around the globe with intervals of 5 minutes or shorter. Visual information about website uptimes and downtimes will be displayed on a website.

 

Two versions of the service are included in the subscription depending on the Cloud Service option chosen by the customer:

  • SHARED
    Access to the report for the system’s demo installation (demo.mytm5.com). If the demo application is not available, this generally means that other treasury applications at the same location could be down as well.
  • EXCLUSIVE
    BELLIN sets up an individual availability service for the tm5 system of the customer.

 

9.2.3 Cloud Service Comparison

In addition to the Shared Cloud Service, BELLIN offers Exclusive Cloud for specific applications.
These applications are:

  • BELLIN Exclusive X1
    • For customers who require a system segregated from other customers, our X1 is the most economical choice.
  • BELLIN Exclusive X2
    • Our X2 satisfies many of the toughest data security and regulatory requirements that your treasury team may face.
    • Two dedicated virtual servers which can be used to run the following applications:
      • 2x tm5 Web (Live and Test)
      • 2x tm5 Databases
      • 1x MCT Gateway
      • 1x BELLIN Payment Gateway
    • Our security team recommends that payment gateways are isolated from the web and database servers. Although not the highest security available, the X2 offers this. For the highest isolation and best practice, the X3 is our recommendation.
  • BELLIN Exclusive X3
    • X3 is a no-compromise solution that will satisfy the toughest treasury and audit demands. Three standalone virtual machines for running your tm5 web, data and payments.
    • Three dedicated virtual servers which can be used for the following applications:
      • Server 1
        • 2x tm5 Web (Live and Test)
      • Server 2
        • 2x tm5 Databases
      • Server 3
        • 1x MCT Gateway
        • 1x BELLIN Payment Gateway

 

 

 

The table below outlines the service details which are applicable to the Cloud options available at BELLIN.

 

  Shared Service Exclusive Service
  tm5 Test System BELLIN Standard BELLIN Premium BELLIN Exclusive X1 BELLIN Exclusive X2 BELLIN Exclusive X3
Network Access Security  
Enterprise firewall configured by certified engineers            
Intrusion Prevention System (IPS)            
Data Security  
RAID systems            
Encrypted storage (AES-256)            
Virtualized Systems            
Offsite Backup            
Antivirus software            
Single SQL Database per Customer            
Backup database to SFTP site            
Application Security  
FIPS-ready/PCI compliant 256-bit HTTPS            
Alignment of controls to customer’s security requirements 5            
Annual third-party penetration testing            
Physical Security  
Man trap, CCTV, secure card access            
HVAC Systems            
Fire Suppression Systems            
On-Site UPS            
On-site diesel backup generator            
Redundant power to servers            
ISO or equivalent data center            
Recovery  
Real-time replication to DR location            
Backup in 2nd location            
Availability and Recovery  
System Availability 99,0% 99,5% 99,9% 99,9% 99,9% 99,9%
Recovery Time Objective (RTO) N/A 12 hours 4 hours 4 hours 4 hours 4 hours
Recovery Point Objective (RPO) N/A 24 hours 1 hour 1 hour 1 hour 1 hour
Generic third-party site monitoring            
Personalized site monitoring            
Cloud Support  
24/7 Server Monitoring            
Usage  
Included tm5 Storage 1 PE3 5GB 15GB 25GB 50GB 100GB
Maximum tm5 Storage in this tier 2 PE3 10GB 20GB Unlimited Unlimited Unlimited
Included bandwidth per month PE3 5GB6 10GB6 100GB6 100GB6 100GB6
Data Packages PE3          
Access Control  
Two Factor Authentication
(BELLIN Connect / Hard Tokens)
PE3          
Client Certificates PE3          
Dedicated IP address 4 PE3          
IP Address Restrictions PE3          
Integration  
Trade Import Automation            
Fusion Confirmation Matching            
360T            
BELLIN Integration Services (BIS)            
Add-Ons  
Test System            
Auto-copy of Live to Test            
Additional tm5 front end on single DB            
SSIS Packages            
  Included
  Not included, but available
  Not available

 

Storage Notes

1 The storage included in the tier can be increased by purchasing additional data packs.
2 If you surpass the maximum storage allowed in this tier you will be automatically upgraded to the next tier.
3 Production Equivalent (PE) is the same value as in Production.
4 Host headers are used by default to allow multiple domain names to be shared by a single IP address.
5 Additional security controls can be implemented on the server as required. A list of available security controls is located in the Exclusive product description.
6 If the customer regularly exceeds the bandwidth, the customer may be required to move to the next available tier. In the case of Exclusives, exceeding bandwidth may incur additional costs.

 

 

9.3 Market Data

In cooperation with third parties, BELLIN offers market data services integrated in tm5. For detailed information on the scope of these services, please consult the up-to-date service documentation in Treasury Connected (www.treasuryconnected.com). BELLIN explicitly reserves the right to adjust the services at any time.

 

9.4 BELLIN Integration Service (BIS)

9.4.1 Data Exchange Across Networks

It may become necessary to exchange data between the customer network and the BELLIN network. This mainly applies to account statements and payment files but can also affect other data that requires automatic processing. BELLIN provides several alternatives and services for this purpose, depending on data direction. Both manual and automatic processing of transmitted data is possible.

The following graph displays the manual process:

The following directions for transfers and transfer frequencies are available:

Service Name
(Business Topic)
Direction Maximum Frequency
BELLIN->Customer Customer->BELLIN
Database backup x N/A 1 x per day
Account statement files x x Every 15 minutes
Market data files x N/A (included in seperate service) Every 15 minutes
Payment files N/A x Every 5 minutes
Planning data for Cash and Planning X x Every 15 minutes
Accounting data files X x Every 15 minutes
Netting data files X x Every 15 minutes

Some services allow for multiple transfer jobs that can be set up for both directions within the same service. However, in addition to the business topics mentioned above, if an additional SFTP channel is needed (e.g. two FTP clients on the customer side), then an additional data feed service is also required. This cannot operate via the same service.

The SFTP server is by default located in the BELLIN Cloud while on the customer side an SFTP client is used. For other configurations prior scoping is required.

 

9.5 SSO

9.5.1 BELLIN Cloud – Third-party Authentication

In cooperation with a third-party provider (currently PingIdentity), BELLIN offers single sign-on technology (SSO). Several authentication methods are supported. A component that can be licensed is made available in tm5 if this option is chosen. This component enables the connection to the authentication service provider portal. Users can choose if they wish to use SSO exclusively or in addition to regular login via user name and password. Monthly costs depend on the number of users. When using this technology, the number of users and any adjustments to this number are reported to BELLIN.

 

9.6 Tokens (Two-factor Authentication/2FA)

9.6.1 General Information

Two-factor authentication adds an extra layer of security to tm5 by using a token. Regular passwords are susceptible to capture either by OTSB (over-the-shoulder browsing), key logging, or the user writing the password on a yellow sticky note. Two-factor authentication forces selected users to enter a one-time password (OTP) in addition to their regular password. This OTP is supplied to the user on a hard token (key fob).

 

9.6.2 The Tokens

Our hardware token technology is based on the industry-proven Gemalto SafeNet OTP 110. It generates a new one-time password each time it is used which cannot be forged or ever used twice.

Our hardware token is powered by a battery that provides 5 years of service, depending on the number of authentications you perform.

 

9.6.3 Use

One-time passwords can be used to secure the system login and/or for payment authorization and can be activated for selected users.

 

The token can be enabled within the static data of a particular user. In tm5, the “User Details” page has two check boxes, one to require 2FA for tm5 login and one to require it for payment authorization. By allowing single users to be selected, you can implement 2FA only for power users (administrators), or payment users. It also allows an administrator to temporarily disable 2FA for another user if that user has lost their token and needs to sign an urgent payment.

 

If a user has the “Required for 2FA Login” setting enabled, they will enter their username and password as usual, followed by the one-time password displayed on the token in the “Passcode” box. Users without a token can log in with only a username and password and leave the “Passcode” box blank.

 

If a user has the “Required for 2FA Payment” setting enabled, they must enter the passcode directly below the approval password on the approval page. The user cannot approve payments without a token.

 

9.6.4 Token Replacement

The SafeNetOTP 110 token has a lifetime warranty and is part of the service, including free replacement (excluding shipping to BELLIN). The token never expires.

 

9.7 Languages

9.7.1 Languages with full maintenance and support

The following languages are preconfigured in the system and updated with every Release:

  • English
  • German

Help documentation and release notes are available in both languages, and customers have access to support services in line with their maintenance agreement.

 

9.7.2 Languages without full support

The following additional languages are available on request:

  • Chinese
  • French
  • Japanese
  • Portuguese
  • Spanish

System updates of these languages become available shortly after a Release. However, help documentation, release notes, and support services are not available in these languages.

Let’s get in touch!

Interested in learning more about our solutions? That’s great.
Because we’d like to learn more about you. So give us a shout.

By submitting this form, you consent to us using your data to process your request. You can find more detailed information in our privacy policy.