- Bacs, Bureau Contingency, security, Smart Cards
- Bacs, Bureau Service, Direct Debit, Security, Smart Cards
- 13, NOV 2020
Smart Cards & Security
Blog by Sarah Cottee, Training Manager
Recent Direct Debit Training courses have highlighted an increase in Service Users experiencing issues with their smart cards when working remotely due to Covid restrictions. Here, we look at what can cause an issue, how to avoid disaster, and how you can be prepared for recovery should the worst happen.
Issues that could impact your processes include:
A user: is away on leave/is on furlough/is sick/has been made redundant
– Your smart cards break or expire
– You cannot access your office (lockdown)
– You cannot access your current processing solution remotely
Ensuring that you get your Direct Debit files to Bacs as scheduled is essential for any collecting organisation. Failure to do so will mean missed collections, restricted cash flow and (potentially) unhappy customers! Service Users must ensure they have backup plans in place in case of disaster.
Smart cards are simple to use—but when something goes wrong, the whole Direct Debit process can come to a standstill.
What you should be doing to prevent issues with smart cards
Smart card security and protection are paramount. Here are some simple steps you can take:
– Ensure that individuals keep their smart cards with them – not locked in a drawer in the office (and therefore unobtainable if access to the office is not possible).
– Ensure smart card software is installed on your back-up machine. It is often overlooked, but without it, you will not be able to authorise submissions. If you use a cloud solution, you may be able to access it from anywhere with Internet access, but if you cannot submit a file because you have not installed a smart card reader then it doesn’t help you ensure your collections.
– Ensure you keep your security contact details up to date at the bank and at Bacs. If not, the bank/Bacs may be unable to accept verbal instructions regarding your Direct Debit files as they won’t recognise the individual’s authority to provide them.
– Do not share smart cards or PIN details. They are issued to a named individual, and any transactions authorised by that card are the responsibility of that individual.
– Always have more than one smart card active at anyone time to ensure the ability to process in case of loss/damage to one of the cards. Do not forget that if you lock out your smart card with too many wrong password entry attempts, you will need to order a new card from your sponsoring bank, and it could take up to 2 weeks to come through. How will you submit files during this time?
– Do not leave smart cards plugged into the smart card reader after submitting the Direct Debit files. This helps ensure that cards do not get lost or damaged.
– All smart cards have an expiry date (it’s written on the front of every card). Make sure you know when a card is due to expire so you have enough time to order your replacement before it runs out.
As well as smart card security, you need to think about smart card reader security, and include procedures for smart card in network security management.
How confident are you of your Direct Debit system’s resilience?
Are you confident that your organisation’s Direct Debit system is resilient and recoverable? Will it continue to operate despite serious incidents or disasters that might otherwise interrupt it? Or can you ensure it will be recovered to an operational state within a reasonably short time frame?
Do you have a contingency plan in place?
Don’t forget, when it comes to Direct Debit the best back-up plan you can have is linking to a Contingency Bureau. This means you can continue with your current processing solution, but if something goes wrong you have a Plan B. When using a Contingency Bureau you don’t need smart cards.
We can help
As well as Direct Debit Training and Consultancy Services, Clear Direct Debit offers a Bacs Bureau Service. For further details about our Bureau contingency offering please see our website or contact the team at firstname.lastname@example.org.