14th June 2016
Bacs has warned businesses that there will be no further extension to the planned SHA-2 security changes, following a last minute reprieve for those companies that had failed to update their payment infrastructure by the 13th June deadline. IRIS FMP Payroll Services have been all over this since last year, warning companies of the impending deadline.
Failure of companies to update their payment software and infrastructure by the new deadline 19th September 2016, will see them at risk of being locked out.
The grace period of 14 weeks should ensure companies are able to access Bacs to pay their staff, suppliers and collect Direct Debits and payment reports. After 19th September, Bacs have indicated that there will be no further extension to the SHA-2 deadline and those companies will need to make alternative arrangements for payments.
Companies who have missed the deadline need to ensure they take action immediately, whether they process in-house or through a bureau.
Microsoft desktop operating systems before Windows 7 will not be compatible. Neither will server operating systems before Windows server 2008 R2. Check with your IT provider that your browser and operating system supports these security changes.
If you are a direct submitter, check with your Bacs Approved Software Solutions provider that your Bacstel-IP software currently supports, or will be upgraded to support, SHA-2 certificates and TLS 1.1/1.2.
Finally, you should undertake a review of your payroll immediately. You may have missed the deadline because you were unaware of this change. It may well be that your payroll provider has not got their house in order. Either way a critical change has been missed. If you aren’t on top of payroll change, are disappointed with your providers response, or are inundated with payroll administration perhaps it’s time to change.
Full details of the revised Bacs deadline can be found here.
