Are you ready for the Bacs SHA2 Security deadline?

Now is the time to check out your options and ensure you are compliant post June 2020

 

 

What is SHA2 all about?

We’ve all heard about the disruptive cyber attacks on high-profile organisations who have suffered operational, commercial and reputational damage from having their systems hacked.  As these attacks become ever more sophisticated, their impact becomes increasingly destructive.

SHA2 is part of a program of changes to improve security of connection protocols – the mechanism for moving data across the internet – and the way data is stored and transferred.  This is particularly critical to businesses who need to protect personal and financial data, both their own and their customers’.

 

How does SHA2 affect Bacs processing

Bacs started implementing a program of upgrading older connection protocols in 2016 requiring all Bacs users to have advanced SHA-2 SSL and TLS encryption.

This necessitated Bacs approved software providers to make changes to their solutions, and for service users to use newer operating systems and web browsers in order to communicate with the Bacs service.

Bacs’ activities to enhance payments cyber security continued through 2017 with the introduction of newer smartcards and HSM certificates, issued by Payment Service Providers, to work with the upgraded connectivity to the Bacs service and provide stronger security.

 

What you need to do

There is a deadline of 26 June 2020, by which time all businesses using the Bacs service must be using SHA2 and TLS1.1 compliant Bacs processing software, web browser and operating systems.

Anyone not using a compliant product after this deadline will be unable to submit payments to Bacs.

We have been working with Bacs since the beginning of these changes and the good news is that paygate has been fully compliant with all the new Bacs security requirements, including SHA2 and TLS1.1/1.2, for some time.

We’ve worked with all our customers to either provide them with free software updates if they wanted to remain using an on-premise solution, or provided an easy migration path to our cloud solution if that was their preferred option. In either case, we have ensured that everyone now has no further action to take and will simply continue to be able to process Bacs payments and credits after the June deadline.

There may also be a need for you to update your smartcard signing software (Gemalto eSigner) to ensure you are using the latest version for your bank that is compliant with all the changes.  You should contact your sponsoring bank to ensure that you have the latest version installed for all your users, as Bacs software suppliers cannot issue this software.

If you’re using another Bacs software solution, we recommend you explore all the options open to you as not all software suppliers offer free updates.  You should also bear in mind that often simply upgrading to one of your current supplier’s other products may incur substantial migration costs and higher ongoing charges.

 

Where to go for more help

If you have any questions about your current paygate solution compatibility, contact our Support Desk

If you’d like information updates about SHA2/TLS and the other Bacs changes direct to your inbox, sign up here

To explore alternatives to your current solution, contact our Sales Team