Last month we got two months notice that the BACS submission system we use (Experian) was end of life. Do these people have no clue how slow banking stuff moves?
So, the good news, my management team (Alex/Andrew) investigated a number of solutions. Most would stand no chance of being up and running in the time frame. But of a couple of options could be: one was by the company doing the Experian s/w (they took them over!) which could magically "support" the Experian system after "end of life" if we are onboarding (horrid word) their new system.
However we picked someone else - InterBACS, who are clearly technically clued up and have allowed us to get working very quickly.
What are BACS submissions?
There are two main reasons you want to send files to BACS, one if Direct Debits (getting money from people), and one is Direct Credits (paying people). Direct Debits actually have special messages for setting up and cancelling Direct Debits as well as the actual payment connection messages. These type of direct credits are usually for payroll and is the older system, not to be confused with Fast Payments. Either way the process takes two banking days, and then the money moves. A reliable system. There are also a load of BACS reports we have to get, which include reports on the submission, and on changes to Direct Debits by banks, people moving to new banks and accounts, errors, bounced Direct Debit collections, and clawed back Direct Debit payments. These can actually be downloaded from the BACS web site.
Three ways to make BACS submissions.
It looks like there are three ways to do BACS submissions (and get reports). I thought there were only the first two, but we discovered InterBACS do a third way.
One of the simplest ways is dealing with a BACS bureau - they accept a file from you, and authenticate you by whatever means they agree, and they send the file to BACS for you.
In most cases they don't actually take a "file", but "manage" Direct Debits for you, so you tell them a new customer, and how much they are paying every month - they then send the notice to the customer, and do the payments, and so on. This is ideal for a gym or the like, and can mean a simple web interface to manage regular customer payments.
2. Direct submission
For direct submission you have software to send files to BACS directly. This is what we had with the Experian system. It means we have a BACS user and smart card from the bank. This is used to sign the submission file, and to log in to BACS (to send the file and get reports). The signing code only works on windows, which is a tad annoying - the only windows machine we have. This is usually cheaper than a bureau.
3. Web based direct submission
This was new to us, and what InterBACS do. They have a web based system, allowing us to upload a submission file to them. Then, via the web page, log in to BACS - they log in, but they have the web browser (or a separate app depending on the browser) do the signing for the login using the card signing and card on our windows machine. So it is logged in, remotely. Similar they do signing the submission file remotely using the card on our windows machine. They get BACS reports and allow us to download them. It means we don't have to install BACS software, just the card signing stuff from the bank, and use a browser.
The also have a bureau service, and also have a whole management package for people just wanting to set up monthly payments, etc.
There is another option, but very expensive. The bank could provide a hardware security module certificate, which we either have an (expensive) HSM, or have the certificate loaded on InterBACS's HSM. This allows the whole logging in to BACS and signing the submission without a manual use of a card and PIN. I.e. it can be fully automated. Sadly it is way too expensive to be remotely viable.
Experience with InterBACS
We picked them as they seemed clued up and very responsive. They were very quick to sort things out and the whole thing just works. So quite impressed.
Also, they were responsive when we needed minor changes - a bulk save of all reports rather than selecting each one, etc.
We are now up and running with them in only a few weeks. Indeed, in hindsight, it could have been under a week, had the deadline been even closer, but we were a little cautious with lots of testing first.