3skey Token
Karlyn Hemmerling
The SWIFT 3Skey token management portal requires you to install the SWIFT Token Client and SConnect in order to activate and manage your tokens. Your signature or treasury application may have additional requirements, kindly liaise with the service provider of your application for more information.
The provision and use of the 3SKey solution are governed by the 3SKey Terms and Conditions. Always refer to the latest available version on SWIFT Contracts.
For more information about the features and functions of the 3SKey solution, and your roles and responsibilities as a 3SKey user or 3SKey subscriber or those of SWIFT as the provider of the 3SKey solution, regularly check the latest available version of the 3SKey Service Description on Documentation.
Important: the provision and use of 3SKey tokens are subject to United States export restrictions and other sanction programmes. Persons located in or from Cuba, North Korea, Iran, Sudan or Syria, and persons identified on US government or EU "denied party" or the "Specifically Designated Nationals" lists, are not permitted to possess or use 3SKey tokens.
Click here to accept the 3SKey Terms and Conditions referred to above.
By accepting, you also represent and warrant to SWIFT that you are not subject to any of the export restrictions and other sanction programmes that would prohibit your possession or use of the 3SKey tokens.
You can verify that Sconnect is installed successfully by validating the presence of the SConnect icon in the Command bar of your browser.
Click on the SConnect icon then on the Settings icon on the top right.
Click on About and verify that the extension version is at least 2.13.0.0.
Click on AddOns and verify that the PKCS11 1.6.10.7 and WebSigner 1.4.1.1 add-ons are present.
If the version of SConnect or of the add-ons is not correct please uninstall then reinstall SConnect. Uninstall SConnect Host from the list of installed programs and remove the extension from your browser's Extensions or Add-ons page. You can find complete uninstall instructions here. Then follow the installation instructions above.
Treasury plays a crucial role in supporting financial objectives and informing strategic decisions. Secure global bank communications, operational efficiency and control, regulatory compliance, and effective liquidity and risk management are essential to support growth and create competitive advantage.
With a strong focus on harmonisation and straight-through processing, Swift plays an active role in market practices initiatives and provides expertise, products and services to support best practice.
3SKey tokens contain a unique, anonymous identifier that each bank assigns independently to their customers, and uses a trusted Public Key Infrastructure (PKI) to guarantee transactions are authentic, unaltered and legally binding.
The 3Skey is a multi-bank personal signature solution that is interoperable with the EBICS and Swift networks, created by SWIFT. It enables companies to digitally sign the messages and files they send to their banks. On a more practical level, the authorized individuals within a company have their own 3Skey certificate in the form of a token, enabling them to securely approve the sending of a transfer file to their bank
While managing different authentication methods can make banking transactions more complex and costly, adopting the 3SKey token offers a unified solution, by centralizing authentication and digital signature.
The 3SKey benefits from the latest encryption systems to secure its use and minimize the risks of fraud.
The 3SKey is also a way for companies to easily manage access rights and authorizations for each user. A designated administrator can assign and revoke 3SKey token usage rights, guaranteeing effective control and secure transactions. Added to this are detailed logging functionalities that enable user actions to be tracked and verified, in order to ensure the transparency and compliance of the transactions.
The 3SKey is compatible with various types of transactions, including domestic and international payments. It can be used on both Swift and EBICS networks, offering great flexibility to companies working with different banks and systems. Furthermore, it is available in several languages, making it easy for multinational companies and international users to adopt.
Swift provides inactive tokens (which cannot be used to sign
transactions). To start using your 3SKey on Cegid Allmybanks, you must first activate it by following the Swift procedure. You can then register your token in the Cegid Allmybanks application and use it to authenticate yourself and validate your remittances.
For example, users of an international company can use 3SKey to connect to Cegid Allmybanks and securely sign all its payment orders directly in the application, for all its bank accounts worldwide.
A 3SKey token locks after 5 incorrect passwords are entered consecutively. If the password was lost or if the token becomes locked, then it can be reset with the help of one of the administrators of your user group.
An administrator can reset your token. There are always a minimum of two administrators in each user group. The token to be reset and the administrator token will need to be plugged in the same system at the same time in order to perform the reset.
Note: To reset an activated token you need the security code that was generated during its activation. If you do not have the security code of a locked activated token then you cannot reset it and must replace it. In that event please revoke the locked token then activate and register a new token.
When you are logged in with an administrator token on the 3SKey portal and you prepare a token for reset, you may get an error message if you are using an outdated version of the 3SKey software. If a previous reset operation was interrupted it's also possible that the token cannot be selected for reset on your next attempt.
"The current password is incorrect. Your session will be closed."
This error can show during a reset operation if your unique ID has been recovered or renewed on a token provided by a different bank than that that provided your original token. To resolve this you must change the temporary password of your token using the Safenet Authentication Client Tools software. In the Safenet software, click on Change Token Password, enter the current temporary password, and change it to the default initial password that was provided with the current token. You can then use this password to login and proceed with the reset. A fix will be deployed through a future portal release.
Error 00050: The token cannot be activated
This error can show during a reset operation if your unique ID has been recovered or renewed on a token provided by a different bank than that that provided your original token. To resolve this issue your administrator must setup the token for reset again, and set the temporary password to the default initial password that was provided with the current token. You will then be able to proceed with the reset. A fix will be deployed through a future portal release.
Error 00057: Please update the 3SKey software to the latest version, and ask your administrator to setup the token for reset again.
This error can show when a token was activated or reset previously using a non supported version of the 3SKey software. To resolve proceed as follows:
- On the computers of 3SKey users and admins, verify with help of your system administrator that there are no pqOwner or pqModifiable values in the Windows registry, under the keys
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SafeNet\Authentication\SAC\PQ]
[HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\PQ]
Delete pqOwner and pqModifiable if present.
- Verify in the list of installed programs that you have SWIFT Token Client 4.1 or higher and Safenet Authentication Client 10.7 or higher. If that is not the case Update the 3SKey software.
- Important: Your 3SKey administrator must setup the token for reset again.
Error 00842: Token Initialization failed
This error during a setup for reset operation by an administrator can result from a PIN policy configured on the token that is higher than the PIN policy currently defined on the group. As a workaround, select a password that complies with the PIN policy level 12 (twelve characters password minimum with lower and upper case letters, at least one number, and at least one special character) during the setup for reset operation. After the reset is finalized you will be able to change the token password to a password that is compliant with the current group PIN policy.
For any other issue during a reset please follow this procedure to cleanup the token before you reset it again on the 3SKey portal. The procedure will empty the token content. The reset operation on the portal will then recreate the token certificate. Kindly note that a same 3SKey token can only be reset a maximum of 5 times and that a token that is expired, revoked or in renewal window cannot be reset.
Right-click the icon in the notification area at the bottom right of your display, and click About.
Check that the version is 10.7 or higher.
If you have an older version you need to update the software as indicated on How to update your token software?.
Plug the administrator token back in and login to the 3SKey portal. Follow the reset procedure again. During the Setup for Reset step we recommend to set the temporary password to the default initial password that was provided with the token.
4a15465005