Building a Secure Bacs Payments Process with the Right Partner
In the second of this two-part series, learn how the stability of electronic payments can be made simpler with enhanced security protocols and robust, agile architecture
By Liz Carroll, Senior Product Manager, Financial Marketplaces at Finastra
Prioritising resilience in the payments process is not just a matter of convenience, but a necessity for maintaining the stability of electronic payments, especially in a market that is as dynamic as the UK. Leading payment service providers offer distinct security protocols that make this priority more efficient and secure, helping to ensure resilience at every level of your payments landscape.
Bacs Direct Credit emerged as the second most frequently employed payment method by businesses in 2022, with 32% of payments being processed this way, and this volume is anticipated to remain consistent through 2032. Its popularity is clear when we consider that 80% of individuals in the UK receive their wages through Bacs Direct Credit transfers, further underscoring the need for payments security.
Unfortunately, despite the widespread use of Bacs payments, many companies continue to overlook security when assessing service providers, highlighting a significant gap in the vendor evaluation process. It is often assumed that providers understand and embrace the importance of keeping customer or employee data safe, but leading providers stand apart from the rest in this space.
When evaluating your service provider, or if you are seeking a new relationship, it is vital to ensure their technology can deliver five key security capabilities:
- Leading Security Standards
It is important not to assume that all vendors are up to date on every industry standard. Adherence to the latest security standards is critical to keeping data safe and ensuring prompt, efficient transaction processing.
Mature information security and information technology policies and processes must be coupled with a rigorous oversight programme to ensure that the defined security standards are actually met. The data centres used should be accredited to relevant standards, such as ISO/IEC 27001, ISO 22301, and ISO 9001.
Cyber Essentials Plus certification ensures certain qualifications are met through independent testing and assurance. These include technical controls such as boundary firewalls and internet gateways, a secure configuration, access control, malware protection, and patch management.
- Communication Protocols
When evaluating technology providers, always ask about SFTP (Secure File Transfer Protocol) security protocols and API calls. These are two powerful tools designed to securely transmit data, ensuring the confidentiality of sensitive financial data.
SFTP employs strong encryption and authentication mechanisms, creating a secure avenue for exchanging data, such as bank account or payment details. The advantages of API calls extend beyond secure data transmission, allowing organisations to receive data in response to a request. This two-way communication enables real-time monitoring of payments, helping organisations track the status of transactions, identify issues or discrepancies, and ensure payment integrity.
- Disaster Recovery and Contingency Plans
Always ask a potential service provider how they would manage your payments if they experienced a critical server failure. If the provider has a robust disaster recovery and contingency plan in place, your transactions will continue in the event of a challenge such as a natural disaster.
Disaster recovery plans provide a structured framework for swiftly responding to disruptions, outlining the steps to be taken in emergency situations to minimise downtime and ensure payment continuity. Similarly, contingency plans protect the payments process by establishing preventative measures that mitigate the impact of identified risks, encompassing a wide range of scenarios.
When it comes to implementing these plans, robust architecture is essential. Capabilities such as multiple data centres, backup power supplies, redundant internet providers, and dynamic capacity management support a fast and agile response to challenges, reducing the likelihood of prolonged disruption.
- Single Sign-On (SSO)
With SSO security in place, businesses can easily add or remove user privileges without logging into multiple disparate systems, allowing for increased automation and standardisation of security. Companies can easily eliminate access to sensitive data while gaining additional monitoring capabilities.
- Ensuring Upstream Security
While the security protocols enforced by your service provider offer critical controls for building a resilient payments operation, they are only one step in the process. Organisations must also consider the resilience of upstream systems, the products and services used within the organisation that feed the payments process. The high standards employed by a service provider must be replicated across each of the systems that generate payment data.
In today’s fast-paced business environment, companies need Bacs solutions that offer unparalleled security and efficiency. No two businesses are alike, and neither are their payment flows. However, optimal security protocols are needed across the board. The payments provider you select should have experience in supporting all environments to ensure the best performance now and into the future. Finastra’s Bacsactive-IP exemplifies this standard by offering a wide range of modules, giving customers the ability to build the most effective solution for their needs.