Bacs cookie policy

We use cookies on our website to provide you with the best possible online experience. By continuing to use this site, you give consent for cookies to be used. Please read our cookie policy for more information and details on how to change your preferences. Cookie Policy.

Cyber security and service user responsibility

Cyber security and you

Organisations need to be cyber security aware, and take careful and extensive precautions to minimise potential incidents. Cyber security is essential to the smooth running of both Bacs and service user functions. Below are some mandatory requirements and helpful tips to help you remain cyber secure.


Bacs mandatory requirements

  • Smartcards must be removed from smartcard readers immediately after the submission of payment files and collection of reports
  • The operating system and browser of the device you use to submit files must be updated as soon as software updates that are released by your provider
  • Devices used for submitting files must have anti-virus software installed and should be configured to update itself whenever required so by the manufacturer - either automatically or in accordance with your corporate or local IT security procedures. Perimeter and logical controls must also be implemented to prevent unauthorised access to the submitting machine, e.g. colleague pass access to buildings/rooms, password access to Bacs software.

​Helpful tips

​Emails are commonly used as a form of attack on users. To aid you in remaining cyber secure we have highlighted some common signs to look out for that may help you spot if an email is not what it seems.

  • The “from” email address may contain spelling mistakes, or be a different address to the one you’re used to. Hover your mouse over the top of the email address listed; this will show you the actual hyperlinked address. If this is different from the email address that is displayed, the email is probably fraudulent
  • The email may create a sense of urgency, pressuring you into quick action
  • The sender may be asking for information they should already know, or shouldn’t have access to. For example no legitimate organisation will ever ask for your password
  • There might be an attachment you may be asked to download. Criminals will try to infect your computer by pressuring or enticing you into downloading attachments. If you are not expecting an attachment do not open it
  • You may not be expecting, or would have no reason to receive, an email from the sender
  • Does something just feel off? If something doesn’t feel right about the email, it probably isn’t legitimate.

Further information is available within the Guide and Rules documentation.