SKG is committed to improving security and customer options for communicating with their banks.
Several improvements are already scheduled for release. In the coming Product Updates from SKG, you will start noticing several improvements around our Bank Communications Hub (also known as Filehub), which will improve the security and customers’ options for transmitting data to and from their banks.
Standard (legacy) – TAS and BCH share a unique token.
BCH stores the DNS name of Dynamics 365 Finance and Operations instance to verify the environment sending data. IP whitelisting on BCH is used for further protection.
Enhanced (added as of v10.4)
Same as above, except oData is used to provide a call-back mechanism to verify the environment calling BCH. This should be used when the IP addresses of the Dynamics 365 Finance and Operations are not known and therefore IP whitelisting is not possible. The callback functionality is only used on outbound files – from TAS to the bank.
To use Enhanced Security, OData needs be completed in your Azure account.
NOTE: This mode requires the BCH machine to be publicly accessible. It will not work on a local VM.
With this mode, both the Token and Client Secret are stored encrypted on the BCH machine.