Save content
Have you found this content useful? Use the button above to save it to your profile.

Bacs Transport Layer Security Changes – we’re ready, are you?

5th Nov 2015
Save content
Have you found this content useful? Use the button above to save it to your profile.

Richard Ransom, Product Marketing Manager, Bottomline Technologies

With technology, regulation and compliance advancing at such a rapid pace, it’s important that companies keep abreast of any change that is likely impact their business and, notably, their ability to process payments. One such imminent initiative impacting the internet globally, with a rapidly approaching deadline is the replacement of Secure Sockets Layer (SSL) with Transport Layer Security (TLS) security protocol.

So, what’s it all about?  Is it truly critical and what’s the risk of not doing anything?

The answer is quite simple:  Yes, it’s critical and, if your organisation is currently using Bacs to process staff, supplier or customer payments or to collect Direct Debits, then you will need to take action.  The upshot is that if you don’t take action, your business will not be able to process a Bacs payment or collection.

Here is the detail… Bacs, like other organisations that rely on secure internet connections, is making a change to remove a legacy protocol that has been superseded by a protocol that enables higher levels of security. In order to support a move to support SHA-2 certificates for processing Bacs files they have made the decision to stop processing data received over SSL with effect from 13th June 2016. Bacs will only allow transactions to be submitted from software that utilises TLS (Transport Layer Security) version 1.1 or above. TLS replaces the current, standard SSL (Secure Sockets Layer) protocol.

What this means for the majority of Bacs is one of two things: 

  • a change needs to be made to your existing Bacstel-IP solution to ensure compliance
  • users of older Bacs technology may need to move to a more current solution.

In an effort to help our customer prepare for this critical security issue, Bottomline is leading by example.  We have already ensured our latest payment solutions are TLS-compliant, and we’re actively working with our customers to ensure they are ready too. 

From regular payment processing to enterprise-ready functionality, whether it’s installed software you prefer or a robust cloud deployment model you’re after, we will ensure our customers’ payments are protected and can continue to be processed.

Realistically and much like other major initiatives such as Bacstel-IP and HMRC Real Time Information (RTI), we are anticipating a large number of organisations might wait until the last minute before investigating the options available to tackle this required update.  My advice is to start the process now as typically these mandatory changes lead to a squeeze on resources for both parties and you run the risk of not being able to make payments as the deadline draws closer. If you currently use installed Bacs software to process your payments, this is a change you will have to make, and there is little point delaying it.

So, now is the time to ask your current Bacs solution provider: Am I ready for TLS? If not what do I need to do to get ready and how soon can you help me?

Visit or email us for more information, or post a question to the LinkedIn TLS group and we’ll respond. Alternatively there’s also a Q&A video for you to view.

Tags:

You might also be interested in

Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.