Thales SafeSign Helps Build the Next Generation Payments Infrastructure

BACS (Bankers Automated Clearing System), the UK ACH service, Is One of The Largest And Most Successful Money Transfer Organisations Worldwide. Its Direct Debit and Direct Credit Services Process Over 60m Payment Items In a Busy Day, On Behalf of Over 100,000 UK Businesses.

BACSTEL is the access mechanism used for submission of all of these payment instructions. It has been operating for over 20 years with superb reliability and efficiency, consistently exceeding all operation targets. However, the infrastructure of BACSTEL is now aging rapidly, proving more expensive than more modern alternatives to operate and lacking the flexibility to support new, innovative services.

As the first phase of its ambitious 5 year technology renewal programme, NewBACS, BACS has introduced a replacement for this access network, called BACSTEL-IP. Rather than opting for a conservative, direct replacement strategy, BACS has devloped a truly innovative solution, using state of the art security technology to deliver a platform for dramatic improvements in the services offered to business users, substantial cost savings and, perhaps most important of all, the delivery of advanced new payment services to keep the UK at the forefront of electronic commerce developments.

BACSTEL-IP required a comprehensive security solution to strongly authenticate users, ensure traceability of all transactions and provide a robust audit trail. Users access the system using a cryptographic smartcard issued by any of the member banks. The same smartcard is used to digitally sign all payment instructions, tying them to the signer and ensuring that they cannot be accidentally or deliberately altered. Each bank has the flexibility to select its own Public Key Infrastructure (PKI) for the issuing of the digital certificates used on this card.

Building a Secure National Payments Infrastructure

The solution had to scale to over 500,000 users, support over 100 million payment items per day and interoperate with 12 banks, operating 7 different PKI systems with 5 different smartcard manufacturers.

After lengthy evaluation, BACS selected Thales SafeSign Service Centre to authenticate users, ensure traceability of all transactions and provide a robust audit trail.

n order to support the simultaneous connection to 12 banks required by BACSTEL-IP, Thales developed a unique multi-channel validation capability for SafeSign. This removes the complexity of support for multiple PKIs from the BACS application, and ensures compatibility with all relevant PKI standards.

Benefits for Business Users:

  • Strong, smartcard security gives protection from unauthorised transactions
  • Near real-time payment status reporting
  • Reduced processing costs resulting from 100% electronic reports
  • Faster payment submission using IP technology
  • Enhanced control over payment authority and delegation
  • Tighter risk management through individual authorisation and real-time checking
  • Strong audit trail reduces risk of transaction disputes
  • Strong protection of customer data in transit and in processing
  • Substantial process cost savings through reduction of paper and manual intervention
  • Near 100% straight through processing, as data quality is guaranteed

SafeSign is used to authenticate the holder of the smartcard, by generating a random challenge to be signed using the smartcard and PIN and verifying this cryptographically against the users Public Key Certificate. SafeSign also digitally signs the reports sent by BACS to users, and verifies the signatures on all incoming payment instructions. All digital certificates used are verified in real time against the issuing bank, ensuring that lost or stolen cards cannot be used to sign transactions, and that changes in employee status are reflected in the system as soon as the bank is made aware of them. This substantially reduces the risk of fraud compared to the old system.

To minimise time to market and reduce project risk, the Thales project team worked closely with the other vendors involved in the project, and fully involved the BACS technical design and implementation teams throughout the development cycle. This approach contributed significantly to the successful ontime delivery of the overall solution.

Innovation on a National Scale

Early customer reaction to the new BACSTEL-IP service has been very positive, with over 75% of users expressing the intention to migrate to the new solution as soon as it is available to them. In the same survey, users rated the enhanced security of the new system the number one benefit to their business.

Users particularly value the ability to tightly define payment permissions for individuals in the business, allowing delegation of signing responsibility to specific cardholders within subsidiaries or departments whilst retaining full control at a corporate level.

BACSTEL-IP is a world-leading project, providing the UK with the most advanced, flexible and cost effective system for electronic payment submission anywhere in the world. It provides a platform for the integration of payments into electronic supply chain and business re-engineering solutions, and will encourage the deployment of end-to-end ecommerce solutions. It gives the UK financial services industry an internet-age solution to the delivery of corporate and business payment services, and a platform to compete in European and global payment clearing markets. BACSTEL-IP positions the UK financial institutions to offer new, innovative payment services for UK businesses, which will substantially improve the competitiveness of the UK economy.

Company Profile

Bacs Corporate

Bacs is a not for profit, membership based, industry body, which in 2009 was responsible for processing more than 5.6 billion UK payments with a total value of £3.83 trillion GBP.

It is owned by 16 of the leading banks and building societies in the UK and Europe. It has been at the heart of the payments industry for over 40 years and is responsible for the schemes behind the clearing and settlement of automated payments in the UK and maintaining the integrity of payment related services.

At the core of the BACSTEL-IP solution are the digital signature verification and strong authentication services provided by Thales SafeSign.

The unique capability of SafeSign Service Centre to integrate seamlessly and transparently to multiple PKI systems has enabled BACS to deliver this stateof-the-art solution in record time, and with minimum additional application programming.

From agreement of the functional requirements in March 2002, the complete security solution was designed, developed and tested in just 6 months, going into “controlled deployment” (the first stage of production roll out) on schedule at the end of October 2002.

For more information, visit the BACS web site at and follow link to BACSTEL-IP.