Hundreds of small and medium-sized organisations could lose their ability to make electronic BACS payments via their banks next week after failing to make vital IT security upgrades.
SMEs, charities and other small organisations will be unable to process vital payments because they have failed to adopt SHA-256 SSL encryption as mandated by BACS. The organisation estimates that as many as 1,000 organisations, and possibly more, will be affected.
The changes result from security flaws uncovered in SSL certificates going back to the 1990s, which have remained in use until recently. The BACS mandate comes in advance of a wider move to phase out the old and insecure certificates. Browser makers such as Google are also phasing out support for the obsolete security technology.
BACS said in a statement: "These changes are necessary because the internet community is adopting new security certification called SHA-2 which will affect the requirements for accessing secure services, like our Payment Services Website.
"At the same time, we are withdrawing support for older connection protocols to provide even more protection for the communications pipeline between the Payment Services Website and the service user. From 13 June 2016 we will only support TLS 1.1 and 1.2."
Direct and indirect submitters will be affected, and will need to upgrade their systems accordingly to continue using the BACS system.
Mike Hutchinson, director of scheme support and development at BACS, explained that SMEs should have received plenty of notification of the changes, but that many still hadn't acted.
"We are really disappointed that a number of organisations have not acted on urgent communications about important changes they must make to their payment software. We have been telling them this for more than a year," he said.
"If you're a small business, you should check now whether you have the right software and operating system in place to make important payments, like payroll as well as to settle invoices. If you work for a small business, ask your finance team if they've made these changes."
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere