01353 864949

EDDI - Eazipay's Direct Debit Interface. An online portal to access and manage your Direct Debit accounts. find out more

changes to internet security - 10 things businesses need to know

May 6, 2016

The global internet community is set to introduce a new and more sophisticated level of internet security – called SHA-256 SSL - and if UK businesses don’t act now to accommodate the changes, they could find themselves locked out of secure payment websites.

This could have serious implications for UK businesses that use Bacs Payment Schemes Limited (Bacs) to make salary and supplier payments or to collect by payments by Direct Debit.

But what is SHA-256 SSL and how could it affect companies? Here is the Bacs guide to the things all business should know about the new security and its impact.

Currently, most secure internet sites are protected by Secure Hash Algorithm-1 SSL, or SHA –1 SSL.
SHA-1 was first introduced in 1996 and is now classified as vulnerable to cyber-attacks. SHA–256 SSL, however, is the next level of sophisticated internet security. Designed by the National Institute of Standards and Technology (NIST), it's being adopted by Microsoft and Google and the rest of the internet community as an improved means of protecting secure internet sites.

Bacs is also making the internet more secure.
At the same time as this global change, Bacs is improving security further by withdrawing support for older connection protocols. From 13 June, Bacs will only support TLS 1.1 and 1.2 - this provides even more protection for the communication pipeline between Bacs services such as Bacstel-IP and the Payment Services Website and its service users.

Businesses that use Bacs to make or collect payments will be affected.
If your company uses Bacs for payroll, to settle invoices, or to collect Direct Debits, these changes will affect you, so you need to be prepared.

Any business that wants to access Bacs via Bacstel-IP will need to make sure they have the right IT in place to support these changes.
Firms will need to have a web browser, operating system, and a Bacs Approved Software Solution that support these changes. Companies that use the Payment Services Website to collect payments reports will also need to upgrade their IT appropriately.

Failure to update a company's systems will mean it is unable to access secure services.
Access to Bacs, via Bacstel-IP and the Payment Services Website, will be affected by these changes. If companies don't make the necessary changes they may not be able pay staff and suppliers, or to collect by Direct Debit, so it's important that access is maintained.

Equally, many businesses use the Payment Services Website to download important actionable reports. If they cannot gain access; they cannot download reports and then may be in breach of Scheme rules, which could result in access to Bacs being removed.

Bacs is implementing these changes on 13 June 2016.
If companies do not upgrade their software and/or browser and operating system to make them SHA-256 SSL and TLS1.1/1.2 compliant, they will not be able to access Bacs on or after this date. Bacs has been informing the industry from 2015 and continuing to let everyone know to make the necessary changes to ensure their access to Bacs payment services is not lost.

Bacs is adopting the new measures before the internet community.
Bacs is key to the financial infrastructure of the UK so it’s vital that the company adopts new security measures as early as possible to ensure that all changes are in place well in advance of the global switch off of the old security measures in early 2017.

Ask your IT department for assistance.
Businesses will need to check that their operating system and internet browser will work with the new security. The browser on the computer used to access Bacs services must be able to support SHA-256 SSL certificates and TLS 1.1/1.2 by 13 June 2016, whether this is to submit directly or to collect reports. Direct submitters should talk to their Bacs Approved Software Solutions provider to make sure software that can accommodate these changes is in place.

Companies who use a bureau may be affected.
If companies collect their own reports from the Payment Services Website they will still need to have an up to date operating system and internet browser. It is known that the operating systems most at risk are Windows 2000, Windows XP and Windows Vista. Indirect submitters should check their bureau is aware of the changes and that they will be compliant by 13 June 2016.

Banks will support and look after companies with smartcards and signing solutions.
Banks will send new versions of these out to businesses which use them. Existing smartcards and signing solutions will work until the new ones arrive, which may be after 13 June.

For more details on these changes and how they will affect you, go to www.bacs.co.uk/SHA-2 

For further press information, please contact:

Damion Clark at Real PR (Consultants) LLP. Tel: 01353 667934 or 07789 911314 Email: damion@realpublicrelations.com

NOTE! This site uses cookies and similar technologies.

cookies : our website uses cookies and similar technologies to help make this website better : read more here or are you happy to accept ?



Cookie Policy

Our Cookies Policy explains what cookies are, how we use cookies, how third-parties we may partner with may use cookies on the Service, your choices regarding cookies and further

What are cookies

Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.

How Eazipay Ltd uses cookies

When you use and access the Service, we may place a number of cookies files in your web browser.

We use cookies for the following purposes: to enable certain functions of the Service, to provide analytics, to store your preferences, to enable advertisements delivery, including behavioural advertising.

We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:
- Essential cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.

For the full disclosure section, including all types of cookies, please click here.

Third-party cookies

In addition to our own cookies, we may also use various third-parties cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and so on.

What are your choices regarding cookies

If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

More information about cookies

If you would like more information regarding Cookies please visit the below site:
ICO (Information Commissioner’s Office) - https://ico.org.uk/for-the-public/online/cookies/