Join the Community

22,253
Expert opinions
44,223
Total members
408
New members (last 30 days)
201
New opinions (last 30 days)
28,760
Total comments

Are you prepared for the global internet-wide security upgrades next month?

For any business that sends and receives payments over the internet, which in today’s digital world will be near enough all of them, the security of those payments is a top priority. That’s why the majority will use the Bacs system or Direct Debits to send money to clients and employees and to receive payments, as it’s controlled and protected through strict levels of security.

However, it’s worth noting that the payments sector is undergoing major changes which all businesses should be aware of. In just four weeks time (13th June) payment security measures will be upgraded. The two big changes will be the upgrade to SHA-256 & TLS.1.1/TLS.1.2 security which will be used to protect any payment files that are sent and received by yourselves from external interference and malicious threats.

TLS 1.1 and TLS 1.2 (Transport Layer Security) is used to:

- Secure the connection between your payment software and Bacs
- Secure the connection between your browser and the Bacs Payment Services Website
- It replaces SSL (Secure Sockets Layer) which is becoming more vulnerable.

Why is this change needed?

- SSL v3 is old – designed in 1996
- Its recently become vulnerable to having the connection broken
- Like many other industries, Bacs and the payments industry are stopping support of SSL v3.

What is SHA-256?

A new and more sophisticated level of internet security is being adopted (by Microsoft, Google and the rest of the internet community) and is called SHA-256.  

- It is a calculation used to give data files a single verifiable code (a digital signature)
- It's used to determine that data files have not been tampered with between being signed with the digital signature, sent over the internet and received
- SHA-256 replaces SHA-1 which security experts believe could soon be economical to create a “collision” (two converted data file codes the same).

Why is the changed needed?

- SHA-1 is old – designed in 1995
- Relies on it being computationally hard to create a collision
- Increasing computer power means it’s becoming economical to create collision
- Moving to SHA-256 makes files and websites more safe it uneconomical to create a collision for 20-30 years.

From 13th June 2016, if your computer browser, operating system or the Bacs Approved Software is not compatible, you will not be able to make payments (e.g. pay suppliers or staff) or collect Direct Debits.

Consequences and actions

If you are a direct submitter -

Speak to your IT Helpdesk to understand if you need to upgrade your IT infrastructure as TLS and SHA-2 are not supported on all computer operating systems and browsers. Also ensure your Bacs software is compliant with the new security protocols.

If you are an indirect submitter -

I'd strongly advise you to check that your bureau has implemented these new security protocols. If you are retrieving your Bacs messages from the Payment Services Website, you should check to see if your operating systems and browsers are compatible.

Download the latest browser and operating system requirements – here.

To learn more about SHA-2 & TLS, visit the Bacs website - here. 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,253
Expert opinions
44,223
Total members
408
New members (last 30 days)
201
New opinions (last 30 days)
28,760
Total comments

Now Hiring