A failure by small businesses to conform to new security protocols has forced Bacs Payment Schemes (Bacs) to extend the deadline for companies to upgrade to new payment security measures by three months
Originally Bacs set a deadline of 13 June for all businesses to make sure their software and systems supported the new protocols. This has now been set as 19 September 2016.
The move comes after Bacs discovered that around 1,000 companies had failed to take the necessary action to ensure their payment systems are compatible with new payment security measures, and so risked being unable to pay staff and suppliers.
The security changes - called SHA-256- SSL - are driven by the global internet community, which will adopt these improved security measures at the end of this year. At that stage, all organisations needing to communicate securely with users across the internet and via extranets will be impacted.
Bacs is making the change early to avoid any last minute issues when the existing SHA-1 certificates are switched off at the end of the year. At the same time, the company is withdrawing support for older connection protocols, with only TLS 1.1 and 1.2 supported after the deadline.
Mike Hutchinson, Bacs’ director of scheme support and development, said: ‘We have been telling businesses about these changes for well over a year, and we’re really disappointed that some haven’t taken us seriously. This is the last chance for them to do so – if they don’t make the necessary upgrades by the new deadline, they won’t be able to use Bacs to pay staff or their suppliers; they’ll have to make other arrangements.’
Bacs says there will be no possibility of a further extension after the final deadline, so any business choosing not to adopt compatible software upgrades, and an operating system that will support the changes, will have to make alternative plans for payments.
There are details about the move to the new security protocol on the Bacs website here