What is the Bacs SHA-2 and TLS migration all about?

14th January 2016

You may have received a newsletter from Bacs informing you of changes that are happening to the internet which will affect your payment submissions or your ability to login to Bacs Payment Services. This page sets out what these changes are and the impact on your Bacs Software.

When your files are sent to Bacs, or you log into Bacs your Bacs Software creates a digital signature using your smartcard certificate. This means that when data is received by Bacs they can be assured the file has not been altered during transport over the internet. There was a time when the SHA-1 hash was thought to be very secure. Times have changed, 128 bit hash is now not thought to be secure enough for your financial transactions and everything is moving to a more secure SHA-2 hash.

Alhough it sounds fairly straighforward, it does mean that older computers and browsers may not be up to the job. If you still use a Windows XP computer, Microsoft have already withdrawn support and there have been no security patches for some time. The same goes for older versions of Internet Explorer (IE). Only the latest versions will be able to handle the SHA-2 signature.

What are the deadlines?

From 13 June 2016, your browser and operating system must support:

Desktop operating systems before Windows 7 (and server operating systems before Windows Server 2008 R2) are NOT compatible. Other operating systems (and browsers) may require configuration changes to meet the security requirements.

The protocol will change on June 13 2016. Some time after that your bank will issue you with new smartcards with the new 256 bit certificate. Although you will be able to sign into Bacs with an existing certificate, you must be ready to handle the new protocol by that deadline. If your computer, operating system, Bacs software and browser are not all compatible with the new protocol you WILL NOT be able to sign into Bacs to make your payments and direct debits.

What do you need to do now?

All existing Mosaic Software customers using our Bacscom and Mandate software, who currently have a support contract, should be aware that they will automatically start to receive upgrades to the software FREE of charge. The upgrades are scheduled to commence during February and are due for completion by the end of April. If you are currently using Bacscom Cloud then you are already compatible with the new security protocols.
If you are not a customer of Mosaic Software you will likely find that your Bacs solution supplier will be charging for the upgrade, in many cases those charges may amount to more than a new installation from us. If this is the case please contact us for a quote to replace your existing Bacs approved software.

If you have any questions or doubts then please contact us using the quick enquiry form.
Bacs also have more detailed information on their website chick here