Bacs extend deadline date for new security requirements

10 June 2016

Bacs reported recently that around 1000 businesses have failed to make the necessary changes to meet the 13 June deadline. These businesses risked being unable to pay staff and suppliers , forcing Bacs Payment Schemes Limited to step in and give them a grace period in order to make sure they can meet their payment commitments. The new deadline has been set as 19 September 2016.

Bacs’ Mike Hutchinson said:

“We have been telling businesses about these changes for well over a year, and we’re really disappointed that some haven’t taken us seriously. This is the last chance for them to do so – if they don’t make the necessary upgrades by the new deadline, they won’t be able to use Bacs to pay staff or their suppliers; they’ll have to make other arrangements.”

The security changes - called SHA-256- SSL - are driven by the global internet community, which will adopt these improved security measures at the end of this year. At that stage, all organisations needing to communicate securely with users across the internet and via extranets will be impacted. Bacs is making the change early to avoid any last minute issues when the existing SHA-1 certificates are switched off. At the same time, the company is withdrawing support for older connection protocols to provide even more protection, with only TLS 1.1 and 1.2 supported after the deadline.

Businesses choosing not to adopt compatible software upgrades, and an operating system that will support the changes, will have to make alternative arrangements to pay staff and suppliers after 19 September. They will not be able to access Bacs after that final deadline, and there will be no further extension to the date.