One such imminent initiative impacting the internet globally, with a rapidly approaching deadline is the replacement of Secure Sockets Layer (SSL) with Transport Layer Security (TLS) security protocol. The switchover will go live from 07:00 BST on 13 June, and it will impact any business that uses the Bacstel-IP service, or commonly known as ‘Bacs’ for payments.
Whether directly or indirectly over 150,000 businesses in the UK rely on Bacs to pay employees and suppliers. It is also the payment method of choice for other applications such as pension payments, employee expenses, insurance settlements, dividends and refunds. Businesses that have not checked with suppliers and switched over by the deadline risk not being able to make payments.
What’s the switchover all about?
The switchover is not unique to the payments industry and other organisations that rely on secure internet connections will also need to upgrade. Across the internet and technology community, vendors are working together to migrate away from the earlier SHA-1 (Secure Hashing Algorithm) standards and certificates of first generation internet security.
SHA-1 is over 20 years old and with recent analysis has been found to be theoretically weaker than expected. With increasing computing power, there is tangible concern that third parties, such as criminal organisations, could exploit weaknesses in the next five to ten years. To address this, the internet and technology communities are moving to internet security protocols that use the SHA-2 (also known as SHA256) standard. For Bacstel-IP, this means supporting only the latest Transport Layer Security (TLS) standards and newer server Digital Certificates after the deadline. This is what secures the connection made between your payment software and Bacstel-IP.
SHA-2 is an exponentially more secure standard, making it uneconomical for criminals to compromise any data protected with this algorithm for the next 20–30 years. Therefore, this change is likely to last for some time. If your business is currently using Bacstel-IP to process staff, supplier or customer payments or to collect Direct Debits, then you will need to take action.
Read on to find out what will happen if you don’t take action.
Share this story