On 2 July 2021, we reach the long awaited cut-off date for SHA-1 signatures. SHA-2 will come into effect and the Bacs service will no longer support the SHA-1 security method.
SHA-2 is part of a program of changes to improve security of connection protocols – the mechanism for moving data across the internet – and the way data is stored and transferred. This is particularly critical to businesses who need to protect personal and financial data, both their own and their customers’.
While Bacs approved software providers have gone through a program of upgrading to advanced SHA-2 and TLS1.2 compliant Bacs processing software over the past few years, service users have needed to ensure they are ready to use newer operating systems and web browsers in order to communicate with the Bacs service when the change happens.
At this stage, its essential to check your smartcard signing software (Gemalto eSigner) to ensure you are using the latest version for your bank that is compliant with all the changes. You should contact your sponsoring bank to ensure that you have the latest version installed for all your users, as Bacs software suppliers cannot issue this software. Anyone not using a compliant product by 2 July 2021 will be unable to submit payments to Bacs.
While updating your smartcard signing software is relatively straightforward, why not take this opportunity to explore other, more cost-effective options to make life easier.
An alternative to smartcards is super secure HSM as-a-service. It provides a better way of signing that ensures you’re always compliant. It’s easy to set up and is cost efficient.
So what is HSM?
Hardware Security Module safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.
The certificate from your sponsor bank used to sign your payments is stored on a hosted HSM, and once connected to your Bacs approved software, allows you to sign payment submissions simply, securely, and without the need for any smartcards. HSM works similar to a credit card with a chip: the chip can’t be broken, the authentication occurs inside, and it’s virtually impossible to tamper with it.
How would my business benefit from HSM as-a-service?
Significant cost savings
With the solution provider hosting the HSM with no up-front costs, there are instant savings to be made. There is no requirement to purchase an on-premise HSM (at a cost of around £10,000). It can also be very cost effective if you have a lot of Smart Card users currently.
Instantly available when and where you need it
That means no delays and the flexibility to take action immediately. HSM is also universal so if a team member suddenly leaves the business, payments can continue with the new member of staff, unlike smartcards which requires a new card and the old one destroyed.
Secure and compliant
With tamper proof protection, HSM provides one of the highest levels of security against external threats. And as new regulations emerge, your software will be updated automatically to ensure you stay compliant and be able to process payments.
Ensures business continuity
Replicated across multiple instances, it provides the reassurance of disaster recovery so that if the worst happens, you can continue to process payments effectively.
Unlocks the power of automation
Add simple workflows to automate payment signing, approving and submitting, or create a full no-human process. It also enables automatic download and distribution of Bacs A-Reports.
Removes Internet Explorer dependency
Not using Smart Cards also removes the (Bank Imposed) requirement to use Internet Explorer as your browser, which is nearing end-of-life, and is inherently insecure compared to modern alternatives (You can use Firefox, Chrome, Edge etc, on any device that has an up-to-date browser and Operating system). It also opens the door to using other devices such as tablets.
Switching to a highly secure, tamper-proof HSM to securely sign your files will enable you to stay compliant with regulations and make remote payment processing super secure across your organisation as well as show your business is serious on privacy… going that extra mile to safeguard both internal and external data.
If you are interested in exploring alternatives to your current solution or discussing HSM as-a-service in more depth, visit our dedicated page.