Bacs cookie policy – you’ll see this message only once

We use cookies on our website to provide you with the best possible online experience. By continuing to use this site, you give consent for cookies to be used. Please read our cookie policy for more information and details on how to change your preferences. Cookie Policy.

SHA-2

 

INTERNET SECURITY : SHA-256 SSL AND TLS1.1/1.2

Update your payment infrastructure or risk being locked out.


IMPORTANT UPDATE
Important update: The deadline has been extended until the 19 September

We feel it is both necessary and responsible to extend to those businesses that have still to update their payment software, a grace period of 14 weeks (until 19 September 2016) to make sure they can still access Bacs to pay their staff, suppliers and collect Direct Debits and payment reports.

Businesses choosing not to deploy compatible software upgrades by then will have to make alternative arrangements for their payments. There will be no further extension to this date.


Changes which are being made by the internet community will affect your access to Bacs via the Payment Services Website and Bacstel-IP. At the same time, we are making changes to our own security which will also affect you.

It is important that you take action now to prevent interruption to the Bacs services you use.

Below is information on what you will need to do, depending on how you access our services:

  • Direct submitter - if you submit directly to Bacs
  • Indirect submitter - if a Bacs Approved Bureau submits to Bacs on your behalf.

Direct submitter

Action:

  • Check with your Bacs Approved Software Solutions provider that your Bacstel-IP software currently supports, or will be upgraded to support, SHA-2 SSL certificates and TLS 1.1/1.2 by 19 September 2016
  • If you access the Payment Services website, check with your IT provider that your browser and operating system support these security changes.

These changes are necessary because the internet community is adopting new security certification – called SHA-2 – which will affect the requirements for accessing secure services, like our Payment Services Website.

At the same time, we are withdrawing support for older connection protocols to provide even more protection for the communications pipeline between Bacstel-IP / the Payment Services Website, and you, as the service user. From 19 September 2016 we will only support TLS 1.1 and 1.2.

Your existing smartcard, digital certificate and signing solution will be replaced in due course by your sponsoring bank with new ones which provide a higher level of security around the process that enables you to log on, or sign and submit Bacs files.

In order to ensure you can continue to access our services, we have designed the new system so that your old smartcard and signing solution will work until they are replaced. You should check with your Bacs Approved Software Solutions provider if this has any impact on your software.

For details of compatible web browsers, refer to the Information Hub to the right of your screen.

For more information visit the FAQs section.

Indirect submitter

Action:

  • If you log on to the Payment Services Website direct, for example to download your own reports, ask your IT provider to ensure you have a browser and operating system which will support SHA-2 SSL certificates and TLS1.1 / 1.2 by 19 September 2016
  • We would also suggest you speak to your bureau to ensure they are aware of the 19 September 2016 deadline to update their browser to one which will support SHA-2 SSL certificates and TLS1.1 / 1.2 by 19 September 2016.

These changes are necessary because the internet community is adopting new security certification – called SHA-2 – which will affect the requirements for accessing secure services, like our Payment Services Website.

At the same time, we are withdrawing support for older connection protocols to provide even more protection for the communications pipeline between the Payment Services Website, and our service users. From 19 September 2016 we will only support TLS 1.1 and 1.2.

If you access our Payment Services Website to download your Bacs reports, you will have either a smartcard or password log in details. Smartcards and signing solution will be replaced in due course by your sponsoring bank with ones which are compatible with these new more sophisticated levels of security; this will give you even more protection when accessing the Payment Services Website. If you access the services using a password, you will be prompted to change your password at the appropriate time. New passwords must be a minimum of eight characters.

In order to ensure you can continue to access our services, we have designed the new system so that your old smartcard and signing solution will work until it is replaced.

For details of compatible web browsers, refer to the Information Hub to the right of your screen.

For more information visit the FAQs section.

 

  Information Hub
Minimize SHA-2
NOT REGISTERED YET? Some areas and assets are password protected and only available to eligible registered users. To gain access to all the information you need register for your password and log in first every visit REGISTER