Hardly a day goes by without a data breach story. There’s widespread concern over the exposure of sensitive and often personal data. The internet industry is responding by implementing new minimum levels of security that will affect us all.
The submission of payments is a function where security is a vital concern. Payment submissions into schemes such as Bacs are controlled and subject to strict security protocols. Those who make Bacs submissions, will have to make sure that the solutions they use meet the necessary security requirements.
So what are the changes that are being implemented?
A new and more sophisticated level of internet security is being adopted, and your organisation, or your bureau, if you use one, must make sure it can accommodate this. You will hear this new security referred to as “SHA-2”.
At the same time as this change is being made by the internet community, Bacs is withdrawing support for older connection protocols to provide even more protection for the communications pipeline between Bacstel-IP / the Payment Services Website, and you, as the service user. From 1 June 2016 Bacs will only support TLS 1.1 and 1.2.
Your existing smartcard, digital certificate and signing solution will be replaced in due course by your sponsoring bank with new ones which provide a higher level of security around the process that enables you to log on, or sign and submit Bacs files.
What does this mean for you?
If you are submitting payments via a bureau then you should contact your bureau to ensure that they are aware of the up-coming changes and are planning accordingly, Bacs has provided information on the steps you can take.
If you submit payments directly into Bacs, you will be using a Bacs approved software solution such as Experian Payments Gateway. Your software provider should be upgrading their solutions in line with the requirements. It is likely that you will need to upgrade to a new version of the software, one that supports TLS 1.1 or 1.2 and SHA-2. The complexity and cost this involves will vary from solution to solution and so contacting your provider to understand the impact on you is vital.
It is very likely that you will need to make some changes in order to meet the security requirements. Those who do not take steps to ensure they are up to date will face issues including being unable to access Bacs and submit payments once the deadlines are reached.
Your software supplier should be ready to help you to upgrade your solution, however if everything is left until the last moment a backlog could form and the resources may not be available to upgrade everyone at the same time. It is imperative that you plan and implement changes well ahead of the deadlines.