You are using a browser which is retiring on 15 June 2022, and you should make changes to avoid interruption in accessing Bacs and Pay.UK websites. We recommend installing the latest version of Microsoft Edge or Google Chrome.
Visit IE11 withdrawal – impact on Bacs for information on how this may affect your access to the Payment Services Website.

Cyber security and service user responsibility

Cyber security and you

Organisations need to be cyber security aware, and take careful and extensive precautions to minimise potential incidents. Cyber security is essential to the smooth running of both Bacs and service user functions. Below are some mandatory requirements and helpful tips to help you remain cyber secure.

Bacs mandatory requirements

  • Smartcards must be removed from smartcard readers immediately after the submission of payment files and collection of reports
  • The operating system and browser of the device you use to submit files must be updated as soon as software updates that are released by your provider
  • Devices used for submitting files must have anti-virus software installed and should be configured to update itself whenever required so by the manufacturer - either automatically or in accordance with your corporate or local IT security procedures. Perimeter and logical controls must also be implemented to prevent unauthorised access to the submitting machine, e.g. colleague pass access to buildings/rooms, password access to Bacs software.

Helpful tips

Emails are commonly used as a form of attack on users. To aid you in remaining cyber secure we have highlighted some common signs to look out for that may help you spot if an email is not what it seems.

  • The “from” email address may contain spelling mistakes, or be a different address to the one you’re used to. Hover your mouse over the top of the email address listed; this will show you the actual hyperlinked address. If this is different from the email address that is displayed, the email is probably fraudulent
  • The email may create a sense of urgency, pressuring you into quick action
  • The sender may be asking for information they should already know, or shouldn’t have access to. For example no legitimate organisation will ever ask for your password
  • There might be an attachment you may be asked to download. Criminals will try to infect your computer by pressuring or enticing you into downloading attachments. If you are not expecting an attachment do not open it
  • You may not be expecting, or would have no reason to receive, an email from the sender