Blog article
See all stories ยป

Bacs Transport Layer Security Changes - we're ready are you?

With technology, regulation and compliance advancing at such a rapid pace, it's important that companies keep abreast of any change that is likely impact their business and, notably, their ability to process payments. One such imminent initiative impacting the internet globally, with a rapidly approaching deadline is the replacement of Secure Sockets Layer (SSL) with Transport Layer Security (TLS) security protocol.

So, what's it all about? Is it truly critical and what's the risk of not doing anything?

The answer is quite simple: Yes, it's critical and, if your organisation is currently using Bacs to process staff, supplier or customer payments or to collect Direct Debits, then you will need to take action. The upshot is that if you don't take action, your business will not be able to process a Bacs payment or collection.

Here is the detail... Bacs, like other organisations that rely on secure internet connections, is making a change to remove a legacy protocol that has been superseded by a protocol that enables higher levels of security. In order to support a move to support SHA-2 certificates for processing Bacs files they have made the decision to stop processing data received over SSL with effect from 13th June 2016. Bacs will only allow transactions to be submitted from software that utilises TLS (Transport Layer Security) version 1.1 or above. TLS replaces the current, standard SSL (Secure Sockets Layer) protocol.

What this means for the majority of Bacs users is one of three things:

you won't need to do anything if you're running a cloud instance of software and such has been confirmed by your provider

a change needs to be made to your existing Bacstel-IP solution to ensure compliance

users of older Bacs technology may need to move to a more current solution.

Realistically and much like other major initiatives such as Bacstel-IP and HMRC Real Time Information (RTI), we anticipate that a large number of organisations might wait until the last minute before investigating the options available to tackle this required update. My advice to organisations is to start the process now as typically these mandatory changes lead to a squeeze on resources for both parties and you run the risk of not being able to make payments as the deadline draws closer. If you currently use installed Bacs software to process your payments, this is a change you will have to make, and there is little point delaying it.

So, now is the time to ask your current Bacs solution provider: Am I ready for TLS? If not what do I need to do to get ready and how soon can you help me? 


Comments: (0)