Business critical changes to internet security are imminent – act now to avoid losing access to vital payment services

The global internet community is set to introduce a new and more sophisticated level of internet security – and if UK businesses don't act now to accommodate the changes, they could find themselves locked out of secure websites.

That could have serious implications for UK businesses that want to use Bacs Payment Schemes Limited (Bacs) to make salary or supplier payments or to collect by Direct Debit.

From 13 June 2016, Bacs is adopting the new security, called SHA-256 SSL. At the same time as this change is being made, Bacs will withdraw support for older connection protocols to provide even more protection for the communications pipeline between the internet-based service access points, Bacstel-IP and the Payment Services Website, and the service user. After 13 June 2016, only TLS 1.1 and 1.2 will be supported.

Any business which wants to access Bacs via Bacstel-IP or the Payment Services Website to make or collect payments will need to have a web browser, operating system, and – if used – a Bacs Approved Software Solution that support these changes.

For more details on these changes and how they will affect you, go to

Comments (1)

  1. Chuffy1966:
    Feb 18, 2016 at 02:16 PM

    Bit of a red hearing. Large businesses change certificates and protocols on a regular basis. When BACS move to SHA-256 SSL and only link with TLS 1.1 and 1.2, it will be a simple matter for the businesses using them to update their links to them.

    B2B is easy to remediate but there is a far bigger problem this reporter has missed. PCI-DSS have mandated that businesses cease to use TLS1.0 but this is the significant protocol behind IE8, IE9 and IE10 and is also used in allmost all Android Aps. You just need to search on Wikipedia to see almost every android wont work on TLS1.1 or 1.2 without reconfiguration (that frankly my Grannie cant do).

    Where large companies like Tesco provide WEB and Mobile App access to their services, by adhearing to PCI-DSS compliance and removing TLS1.0 they have a big headache. They will effectivly preclude 1/2 their customers from shopping. IE10 or lower and almost any android app need considerable reconfiguration or updates to use TLS1.0 or 1.2. Imagine Sainsburys online shopping site or Amazon.... Suddenly 1/2 their customers cant go shopping....

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter