For most organisations, it is imperative to maintain an uninterrupted service to Bacstel-IP due to the critical nature of their payment applications. Problems can occur at any stage of the payment submission: in the signing process, during communications to Bacs, or within the server or infrastructure.
Signing process
Organisations will need to mitigate problems within the signing process, including:
- failure of individual Smartcards
- failure of Smartcard readers
- failure of Hardware Security Modules (HSMs)
- unavailability of cardholders
- sponsoring bank revoking a user’s credentials.
Experian Payments recommends that organisations utilising Smartcards should apply for and configure multiple Smartcard users, whilst HSM users should implement a cluster of HSMs.
Communications
Irrespective of whether organisations are utilising the internet or a fixed, dial-up or broadband DSL extranet, consideration should be given to alternative communication arrangements. Experian Payments recommends that organisations implement, in addition to their chosen primary communication method, a physically separate connection method for contingency.
Server / infrastructure failure
To ensure business continuity in the event of an infrastructure failure such as a fire, virus, power or main server failure, Experian Payments recommends that organisations replicate their systems at alternative locations. In addition, organisations should implement regular server back-ups, firewall security and third-party virus-checking software as part of their contingency arrangements.
Bureau contingency
It may be preferable for some organisations to consider using a commercial Bureau as a contingency solution rather than establishing an alternative capability. Experian Payments recommends that organisations:
- establish a Service Level Agreement with their chosen bureau
- consider the time it will take to complete a bureau submission (usually longer than a direct submission because of the need to transfer the file to the bureau)
- check that their chosen bureau’s solution can accept their payment file format as well as signed files
- inform their sponsoring bank of their contingency bureau arrangements.
01/01/06