With Bacs implementing SHA-2 internet security certification, anyone submitting direct payments will need to upgrade their Bacs approved software solution (BASS) to ensure they can submit securely. Given that this change is imminent, it seemed prudent to discuss whether a cloud-based BASS is more secure than an on-premise alternative.
Internet Security has always been a vital concern to anyone who submits payments online. With this in mind, it’s not surprising that Bacs are implementing the sophisticated level of security that is being adopted by the internet community.
The not-for-profit organisation is taking this action to provide greater protection for communications between their internet-based access points, specifically Bacstel-IP and the Bacs Payment Services Website, and the service user.
When the changes come in to place on 1st June 2016, anyone submitting directly through a Bacs Approved Software Solutions Supplier, will need to have the necessary infrastructure and operating systems in place to support the new security standard.
How will direct submitters be affected?
If you submit Bacs payments directly, you will need ensure that your chosen software platform supports TLS 1.1 or 1.2. Your supplier should be well versed with the new changes and will recommend the necessary upgrades required – and any additional costs involved.
NOTE: Let us stress that if you are an existing AccessPay client, there is nothing you need to do as we are upgrading all of our customers free of charge – which is good news!
To cloud or not to cloud: What’s your SHA-2 migration strategy?
Although the “Cloud” has been around for several years, some finance professionals are still uncomfortable with the idea of processing payments and submitting to Bacs via the cloud. With data breach stories hitting the headlines every week, it’s understandable why many in the industry are reluctant to move away from their on-premise software solution.
It’s understandable that on site infrastructure and physical servers can provide some-level of reassurance around on-premise software. However, with cloud data-centre security significantly more robust than that of on-premise legacy servers, it is understandable why cloud-based software is becoming ever more popular.
With the added benefits of cloud computing such as; limited capex, huge cost savings, automatic updates, business continuity and disaster recovery; alongside increasingly secure online protocols and internet security certifications like SHA-2, it’s no wonder that cloud adoption is on the rise.
What should I do now?
Whilst there’s still a considerable amount of time until the cut-off date, beware that other companies are in the same position as you, and are delaying roll-out until an upgrade is obligatory. By postponing this decision until the eleventh hour, you may well find your business in a backlog, disabling your ability to make payments via Bacs.
Consequently, it would be advisable for you to contact your on-premise / cloud-based Bacs Approved Software Solutions Supplier and request answers to the following questions:
- Do I need to update my software?
- How much will this software upgrade cost?
- Will there be additional capex?
- If there are any future upgrades, are they included?
- How long will the upgrade take to implement?
- Will I have to endure any downtime?
Asking these question will help you further understand the level of work required to administer the SHA-2 changes and will aid you in making a decision on whether you are content with your current direct payment software solution.
Plan now, make changes soon and don’t wait for the deadline
We’d love to hear your comments on this blog post
Be the first to know
If you enjoyed this post, you’ll love our newsletter. Receive the latest updates from AccessPay directly to your inbox, wherever you are.
In a world where corporate transactions take place around the clock, payment delays are no longer acceptable. The Faster Payments Scheme has been at the forefront of meeting this demand, with their 24*7 real-time payment service.
Since its introduction to the UK in 2008, FPS has gained huge momentum, as customers aspired to reduce payment processing times, from three working days using the BACS system, to typically between a couple of minutes to a few hours.
Although this service has significantly reduced payment times, today’s digital savvy and ever demanding customers are looking for a ubiquitous and more immediate real-time payment service regardless of who they bank with – something, which is a challenge for a number of smaller banks and non-traditional payment service providers (PSPs) in the UK.
To deal with this issue, Faster Payments is launching their real time New Access Model, offering a new way to connect to its service and extending its reach to a number of new financial institutions in this space.
Over the last seven years, FPS has handled over four billion payments and is currently responsible for processing around £100 million worth of payments per month.
Whilst these figures are already an achievement, the market has been constrained by the fact that only 11 members connect to FPS directly – With only 2 of 11 participants offering Direct Corporate Access (DCA) to Faster Payments, corporates wishing to submit payments files by FPS are limited in their choice of banking.
In addition to the direct access members, 400 smaller banks and non-traditional PSPs access the platform indirectly through sponsor banks. The cost of being a direct member is unduly high for many of these players, who are also increasingly demanding a real-time 24/7 service. To deal with these issues, Faster Payments is launching its New Access Model in December 2015, offering a new way to connect to the service.
Meet the future of UK payments
The New Access Model, which is an additional way to connect to FPS, goes beyond the traditional models of direct and indirect access, by connecting to existing systems via a technical aggregation service.
The new option being introduced by Faster Payments, will present a software accreditation programme aimed at the vendor and fintech community who in turn can facilitate direct connectivity to the FPS for a number of new challengers and PSP’s. This is intended to create a more level playing field for any bank or PSP that wishes to offer immediate real-time payments where it can utilise an accredited fintech/vendor supplier to provide the technical connectivity to access the scheme.
With Faster Payments introducing the new accredited fintech/vendor model, these new technical aggregators will address the historical technical and financial challenges smaller banks and PSPs have been encountering in accessing the direct participation model and will also offer immediate real-time payments – as opposed to near real-time and same day payments that are perhaps achieved via a bank sponsored indirect model in today’s marketplace.
Should banks be reconsidering direct access to FPS?
With the New Access Model being introduced by Faster Payments, challenger banks and PSPs who have previously accessed via a bank sponsored indirect model will have three options:
- Build an in-house solution – This could be both costly and time consuming depending on the technical requirements and the nature of running 24*7 back-office platforms and operations that are required to achieve real-time payments
- Outsource to an accredited bureau – With bureaus charging for each individual transaction, this method could also be expensive depending on the banks requirement and as such processing payments could be costly
- Utilise a hybrid model – Banks and PSPs could use readymade technical aggregation software that is accredited by Faster Payments Scheme as part of the New Access Model for the fintech and vendor community. With most vendors offering aggregation services on a cost effective subscription basis and some vendors even choosing to abandon additional charges for transactions, the hybrid model could result in a very quick return on investment for any new players entering the market.
By offering an aggregation service for the Faster Payment New Access Model, accredited fintech vendors plan to redefine modern banking practices, by introducing competition to the marketplace. With new challengers and PSPs offering services similar to those offered only by registered FPS members in the past, the UK will enter the next phase in the on-going payments revolution. Can your business survive without 24*7 real-time payments?
AccessPay confirms its commitment to Faster Payments New Access Model
AccessPay has echoed their on-going innovation in the financial services sector, by showing their commitment to the Faster Payments New Access Model from an early stage.
Ali Moiyed, Founder and Chief Architect of AccessPay says: “I am extremely proud that AccessPay is one of only a few fintech vendors with the foresight to sign up to the Faster Payments New Accreditation Programme at such an early stage in its development. AccessPay is an early adopter of new technology and innovation in the payment and cash management sector, and our commitment to the Faster Payments New Access Model shows that we continue to lead the way.”
As one of only eight companies to have signed up to the new accreditation programme, AccessPay is among the few Fintech/Vendors at the forefront of this change who are looking to have their software fully accredited by the end of the year.
Dan Parker, New Member On-boarding Manager at Faster Payments, was instrumental in achieving AccessPay’s commitment to their new model. He says: “I’m delighted to welcome AccessPay to the Faster Payments Accreditation Programme that we are launching as part of our New Access Model by the end of 2015. Upon completion of the accreditation programme, this will enable AccessPay to engage with a host of PSPs with the confidence that their software will be fully accredited by the Faster Payments Scheme, which we hope will in turn attract a new number of Direct Members accessing the Scheme.”
New benefits for AccessPay clients
The Faster Payments New Access Model will enable AccessPay clients to achieve 24/7 real-time payments in a much more cost effective manner. In addition to signing up to the new option, clients will also be granted access to AccessPay’s additional, value-added solutions (in the form of easily installed modules), including; Direct Debit Management, Bacs Payments, SEPA and Global Banking Connectivity. By offering additional services and benefits to our customers, we are confident that our clients’ will be able to deliver a rich user experience of their services to their clients.
By offering an aggregation service for the Faster Payment New Access Model, AccessPay plans to redefine modern banking practices, by introducing competition to the marketplace.