Hundreds of small businesses risk being locked out of BACS payment system

1,000 SMEs still haven't adopted new security measures - and could lose ability to pay staff and suppliers electronically

As many as 1,000 small and medium-sized businesses risk being locked out of the BACS payments system from next week, unable to pay staff and suppliers, after failing to implement critical IT security upgrades.

The organisations will be unable to process vital payments because they have failed to adopt SHA-256 SSL encryption to secure the connections they use to make payments. BACS estimates that as many as 1,000 organisations - possibly more - could be affected.

The security changes result from flaws uncovered in SSL certificates going back to the 1990s, which until recently have remained in widespread use. The BACS mandate comes in advance of a wider move to phase out the old and insecure certificates, with browser makers such as Google also phasing out support for the obsolete security technology.

In a statement to users, BACS said: "These changes are necessary because the internet community is adopting new security certification - called SHA-2 - which will affect the requirements for accessing secure services, like our Payment Services Website. At the same time, we are withdrawing support for older connection protocols to provide even more protection for the communications pipeline between the Payment Services Website, and the service user. From 13 June 2016 we will only support TLS 1.1 and 1.2."

Both direct and indirect submitters will be affected, and will need to upgrade their systems accordingly in order to continue using the BACS system.

BACS' Mike Hutchinson, director of scheme support and development, said that SMEs should have received plenty of notification of the changes - but many still hadn't acted. "We are really disappointed that a number of organisations have not acted on urgent communications about important changes they must make to their payment software. We have been telling them this for more than a year," said Hutchinson.

He added: "If you're a small business, you should check now whether or not you have the right software and operating system in place to make important payments, like payroll as well as to settle invoices. If you work for a small business, ask your finance team if they've made these changes."