RegionsEEABACS and direct debits: Are UK treasurers ready for security changes?

BACS and direct debits: Are UK treasurers ready for security changes?

UK treasurers who use the Bacs system for payments should be aware of new security protocols being introduced this June and ensure their software is still compatible.

For any UK business that sends and receives payments over the internet – which in today’s digital world will be near enough all of them – the security of those payments is always a top priority.

That’s why the majority will use the Bacs (formerly Bankers’ Automated Clearing Services) system to process payments such as payroll and collect direct debits, as it is a scheme that is controlled and protected through strict levels of security.

However, it’s a timely moment to mention that the UK payments sector is undergoing major changes which all businesses should be aware of. In just five months’ time, the payment industry and internet community will be upgrading its security – called SHA-256 and TLS.1.1/TLS.1.2 respectively – to protect payment files from potential outside interference and threats.

What is SHA-256?
SHA-256, an acronym for Secure Hashing Algorithm, is a piece of software that is brand new to the payments scene. This extremely sophisticated method of internet security is now being adopted by the likes of Google, Microsoft, and the majority of the internet community. Replacing the old SHA-1 software, SHA-256 has several security benefits:
• SHA-256 ensures that data files have not been tampered with or changed by external sources.
• It does this by using a single line of verifiable code, which takes the form of a digital signature.
• It is much stronger than SHA-1 from a cryptographical point of view or, in layman’s terms, it uses a secret coded language to ensure no one can read it. This means that it can be attacked again and again, and puts up a much stronger defence than SHA-1.

What is TLS 1.1/TLS 1.2?
TLS stands for Transport Layer Security, and is used to create a secure connection between both the company’s internet browser and the Bacs Payment Services website, and between its payment software and Bacs.
UK treasurers may already be familiar with a piece of technology called Secure Sockets Layer, better known as SSL, which provides protection when payments are being made through the internet. Essentially TLS 1.1 and TLS 1.2 will replace SSL, which is becoming more vulnerable against external threats.

What does this mean for Bacs users?

In June 2016, the security updates outlined above will come into effect. Should the finance or treasury department’s computer operating system, internet browser or the software used to make payments no longer be compatible, then the company will not be able to collect direct debits or make payments to suppliers or staff.

So it is incredibly important that businesses take steps to ensure that they are still protected. For the majority of people, who will use operating systems such as Windows or browsers such as Google Chrome, the updates will be taken care of for them by Google or Microsoft.

However, some checks will need to be done on the part of all financial professionals to ensure that the company’s Bacs-approved software is compatible with the new updates. This can just take the form of a simple check by the user with their provider as, for example, for users of a cloud-based direct debit system, the update may take place automatically. However, this will not be the case for everyone.

What comes next?

Businesses have five months to ensure that they have everything in order and should take the following steps:

If you are a direct submitter into the Bacs system:
Speak to your IT Helpdesk to understand if you need to upgrade your IT infrastructure as TLS and SHA-2 are not supported on all computer operating systems and browsers. Also ensure your Bacs software is compliant with the new security protocols.

If you are an indirect submitter:
It is strongly advised that you check that your bureau has implemented these new security protocols. Anyone who retrieves their Bacs messages from the payment services website should check to see if their operating systems and browsers are compatible.

Given that cashflow is the lifeblood of every business across the world, being unprepared for a payments change like this could cause serious disruption.

Related Articles

London 'to continue as major financial centre despite Brexit'

Brexit London 'to continue as major financial centre despite Brexit'

4m Jay Ashar
“Destroy or democratise” – how Open Banking will impact connectivity

Banking “Destroy or democratise” – how Open Banking will impact connectivity

2y Victoria Beckett
Treasury TV: Yeng Butler compares US and European MMF reforms

Compliance Treasury TV: Yeng Butler compares US and European MMF reforms

2y Victoria Beckett
Money market reforms: Navigating LVNAV, CNAV and VNAV

EEA Money market reforms: Navigating LVNAV, CNAV and VNAV

2y Victoria Beckett
The Challenge of Building and Maintaining a Central Treasury Operation in a Decentralized Company

EEA The Challenge of Building and Maintaining a Central Treasury Operation in a Decentralized Company

2y BELLIN
The Treasury Challenge of a Post-Merger Integration

EEA The Treasury Challenge of a Post-Merger Integration

2y BELLIN
The Challenge of Integrating Worldwide Subsidiaries into one TMS

Baltics The Challenge of Integrating Worldwide Subsidiaries into one TMS

2y BELLIN
Q&A with BMG's treasury : BELLIN - We Love Treasury 2

EEA Q&A with BMG's treasury : BELLIN - We Love Treasury 2

2y BELLIN

Whitepapers & Resources

Transaction Banking Survey 2019

Transaction Banking Survey 2019

3m
TIS Sanction Screening Survey Report

Payments TIS Sanction Screening Survey Report

5m
Enhancing your strategic position: Digitalization in Treasury

Payments Enhancing your strategic position: Digitalization in Treasury

7m
Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation

10m