As part of our commitment to keep you informed of security updates, industry change and third-party software vendor changes, we are updating all customers on the final phase of Bacs security updates. Customers using deployed software solutions must contact us before July 2021 to ensure your ability to make payments is not affected.

What's happening?

In 2015, Bacs began a program of security updates to the way Bacs and Bacstel-IP work to ensure they remain secure against cyber threats. This program was split into phases, with the first phase (TLS migration) completing in 2016.

Following this, Bacs & the banks began a Phase II of the cyber security update that involved the replacement of all smartcards and HSM certificates with improved versions as they expired. This program is now ending, as all older smartcards & HSM certificates will have been replaced by July 2021.

The final stage of the cyber security update is for all Bacs Approved Software Suppliers to update their customers’ solutions to use SHA-2 when creating digital signatures, allowing Bacs to remove older methods that could be less secure in future. Bottomline is working with Bacs and our customers to ensure updates are complete by July 2021.

Get in touch with our team by calling 0118 925 8250


What does SHA-2 mean?

Transactions between the Bottomline payments software and Bacs are managed with secure encryption, this stops cyber criminals accessing or changing information in transactions. This was upgraded in 2016 as part of the Transport Layer Security (TLS) changes.

When you sign on or submit files to Bacs a second layer of protection, a Digital Signature is used to confirm your identity and that the file has not been altered in any way. SHA-2 is an upgrade to the strength of this Digital Signature, ensuring your files stay completely protected against cyber threats.


How does it affect me?

In order to move to the newer SHA-2 standards, updates need to be made to your Bottomline deployed payments solution (including versions of C-Series, ePay, and Bacway) before July 2021 and to your signing software if you are a smart card submitter (this may impact you even if your solution has been upgraded, or you have migrated to PTX). Once the changes are made, you will be able to continue using Bacs as normal.

If you do not make the required changes then you will be unable to submit payment files to Bacs when the older standards are removed. This is because they will no longer be able to recognise Digital Signatures without SHA-2.


What do I need to do?

Check with your bank

If you use smartcard signing software, check with your bank to obtain the latest version (must be version 6.3 or higher) - this needs to be installed on every computer that uses a smart card. Talk to your IT team about deploying an updated version if necessary.

Talk to us about your options

Working with Bacs, we need to ensure all Bottomline customers take the necessary steps to be ready for SHA-2 by July 2021 so that there is no disruption to your payments processing. To help you prepare for this your Account Manager is on hand to provide more details, walk you through the options and also schedule any necessary Bottomline customer support activity.

Plan to be compliant before June 2021

Updates often take time to schedule in many businesses, don’t leave it until the last minute and put your continuity of payments at risk. We are here to help and plan your changes well before the deadline.


What about PTX?

If you are also one of the many customers that use our cloud solution PTX and are using non-compliant signing software, don’t worry – we’ve got you covered, once you have the latest signing software from your bank, you can easily update your settings in PTX, without the need to contact us. There is a step by step guide available on PTX.


Further information from Bacs

Bottomline are working closely with Bacs through this transition. Bacs have put up an FAQ on their website regarding SHA-2.

footer curve