The web is always evolving. Changes take place where the internet community consider and respond to technical developments and security improvements to better protect web users from cyber threats.
What is SHA-2?
Major internet browsers, including; Chrome, Internet Explorer, Firefox and Safari phased out support for SHA-1 SSL Certificates in 2016. At the time they advised secure internet sites and web-based software providers to upgrade their certificates to use signature algorithms with hash functions that were stronger than SHA-1, such as SHA-2.
As a result, any secure site that needed to protect sensitive unclassified data were required to update their certificates to stronger encryption.
How does SHA-2 affect Bacs Payments Processing?
In response to these announcements, Bacs decided to upgrade to SHA-2 certificates, with changes being implemented on 13th June 2016. Simultaneously, Bacs also withdrew support for older connection protocols, to better protect payment files from potential outside threats – since 13 June 2016, Bacs has only supported Transport Layer Security (TLS) 1.1 and 1.2.
Both these changes affected access to Bacs via the Payment Services Website and Bacstel-IP. As a result, any organisation that used a Bacs Approved Software Solution (BASS) for payments and collections to communicate with Bacstel-IP, needed to upgrade to meet these security standards.
At the time, AccessPay offered this upgrade free of charge to all our customers and no changes were required – all upgrades were provided centrally.
Are Smart Cards and HSM Certificates affected by SHA-2?
SHA-2 is the encryption algorithm used on all Smart Cards and HSM certificates. Previously all Smart Cards and HSM certificates were SHA-1 encrypted.
In 2016, Sponsoring Banks (the providers of Smart Cards and HSM Certificates) began to issue SHA-2 compatible Smart Cards. Each sponsoring bank followed their replacement programme, however, due to a three-year shelf life of an average Smart Card, some SHA-1 Smart Cards were still being issued in 2016. As of August 2019, most Smart Cards are now SHA-2 compatible.
All Smart Cards and HSM Certificates issued by AccessPay are SHA-2 compliant.
Are you affected by the SHA-2 security deadline?
Considering the SHA-2 upgrade was a mandatory change enforced by Bacs in June 2016, some Bacs Approved Software Solution providers have been using these quite simple, mandatory changes to tie customers into long-term contracts with costly upgrades to their existing payments systems.
What you need to be aware of:
The same Bacs Approved Software Suppliers have used Open Banking, New Payments Architecture and other regulatory goings-on to tie customers into long-term contracts with costly upgrades to their existing payments systems – these misconceptions have been discussed in this free guide: Dispelling the Myths around UK Payments
So why all the talk about SHA-2 deadlines?
With an imminent “End of Life” approaching for some Windows-based Server products [January 2020], organisations that are using on-premise Bacs Approved Software Solutions are being told by their current payments software suppliers to upgrade to a cloud-based payments solution – another tactical way to manoeuvre businesses into a long-term contract.
AccessPay insulates its customers from Windows updates, growth in transaction volumes, or even future Bacs changes, with their Software-as-a-service (SaaS) model, where all software upgrades and updates are free of charge – with no end of life.
For further information, see the official Bacs response here.
Important Information for On-Premise Bacs Payments Software users
If you are using an on-premise Bacs Approved Software Solution and are being told you have to upgrade to a cloud-based alternative, we recommend you explore all the options available to you.
You could simply accept the upgrade and pay the substantial migration cost and high ongoing charges, or alternatively, you could speak to one of our UK Payments & Collections Specialists who will be happy to discuss matters further and help you plan the next course of action.
Does SHA-2 affect AccessPay clients?
- If you are an existing AccessPay customer, there is nothing you need to do. We upgraded all our customers FREE of charge via the cloud, with automatic updates being applied to our cloud-based Bacs Approved Software solution before the allocated deadline in June 2016.
- If you became a customer after June 2016, you have received only SHA-2 compliant Bacs Approved Payments software, Smart Cards and HSM Certificates.
- If you have any questions, you can always contact the AccessPay Technical Support Team, who will be more than happy to assist you.
- Bacs decided to upgrade to SHA-2 certificates, with changes being implemented on 13th June 2016.
- In 2016, Bacs withdraw support for older connection protocols – Since 13 June 2016, BACS has only supported Transport Layer Security (TLS) 1.1 and 1.2.
- SHA-2 is the encryption algorithm used on all Smart Cards and HSM certificates.
- Only organisations using Windows-based Server products that are reaching “End-of-Life” need to consider their options when it comes to Bacs Approved Software Solutions for payments and collections.
Want to know why more and more businesses and public sector organisations are choosing AccessPay for Bacs Approved Software? Click here.
This article was about: payments