Will Your Payment Processing Break Due To Mandatory Security Update? – 2017 Deadline Approaching for TLS 1.2 Requirement
The PCI Security Council has mandated that online merchants who accept credit cards must upgrade from the older SSL and early TLS security protocols, to the newer TLS 1.2 protocol. The required implementation dates to remain in compliance have changed multiple times, causing merchant confusion. To further this confusion, individual gateways and processors have their own implementation timelines for TLS 1.2 support.
Due to recent high profile attacks, some vendors have decided to expedite the transition to TLS 1.2 and completely end support of the older, less secure protocols. This was primarily done because of the known risks of the older security protocols and the PCI Security Council’s assessment of the risk to merchants. The PCI Security Council has stated, “The vulnerabilities within SSL and early TLS are serious and left unaddressed put organizations at risk of being breached.” Because of these known risks, payment technology vendors have become more aggressive in their implementation timeframes and are in the process of deprecating the older protocols beginning in 2017.
One such company is PayPal. PayPal just recently turned off support of the older protocol for test environments and will completely stop supporting the older protocols by June 30, 2017. FOR MERCHANTS USING A PAYPAL PAYMENT GATEWAY WHO HAVE NOT UPGRADED THEIR SYSTEMS TO SUPPORT TLS 1.2, CREDIT CARD PROCESSING SERVICES WILL NO LONGER WORK AFTER THAT DATE.
Dates to know:
- PCI Security Council original date of TLS 1.2 compliance was 2016
- PCI Security Council new date of TLS 1.2 compliance is June, 2018
- PayPal testing environment ended support of older protocols on February 15, 2017
- PayPal production environment ends support of older protocols on June 30, 2017
How do you ensure you will be able to accept credit card payments after the June 30, 2017 deadline? The first thing merchants should do is contact their systems providers to determine all of the payment gateway connections their solution employs. Merchants should then verify that their solution has been upgraded to support the TLS 1.2 protocol. This often times reveals a spider web of connections. Many solution providers support a variety of gateways to reach a particular processing platform.
In the example of PayPal, merchants may be unaware that their payment acceptance solution could utilize technology from PayPal even if they do not accept PayPal as a form of payment. PayPal Holdings, Inc. has acquired various payment technologies and companies (i.e. PayFlow Pro, BrainTree, Venmo, etc.) that many payment solutions employ in the background. If a merchant’s solution utilizes a PayPal gateway and hasn’t been upgraded to support TLS 1.2, it will stop functioning after the June 30, 2017 date.
To avoid credit card acceptance interruption and protect yourself against malicious attacks, you should:
- Upgrade your systems to support the latest security protocol TLS 1.2
- Start your upgrade process today. System upgrades take time and a backlog is already forming with many vendors. This will result in many merchants unable to accept credit card payments after June 30, 2017
- Nodus customers should contact Nodus Support to discuss their upgrade options and ensure that the software versions they are using support TLS 1.2
- Migrating from SSL & Early TLS webinar by PCI Security Standards Council
- Date Change for Migrating from SSL and Early TLS
- PayPal TLS 1.2 and HTTP/1.1 Upgrade Microsite
- Nodus TLS 1.2 Security Update
Chester Ritchie is the President of Nodus Technologies (http://www.nodus.com). Nodus is a certified Microsoft Gold Level Partner for payment software within the Microsoft Dynamics family of accounting systems. Nodus products allow users of Great Plains (GP), Solomon (SL), and AX to accept electronic payments inside of the accounting system. Accounting entries related to payments are automated and cash flow is increased.
Nodus Technologies strives to develop great products, and we also work hard to continually improve them. Taking into consideration user feedback, industry research, and thoughts about the ever changing future, we put in extensive effort to release better versions of our products every year.
Nodus is proud to present the official release of ePay Advantage 5.0 Service Pack 1. ePay Advantage is our online bill presentment and payment solution that will allow your customers to go online and pay their outstanding invoices. It helps automate your accounts receivable process and cut down on PCI challenges. The latest version of ePay Advantage was released Tuesday, October 28th and is now compatible with Dynamics GP 2013 R2. ePay Advantage 5.0 provides users with a list of anticipated new features, bug fixes, performance improvements and security enhancements.
One of the most groundbreaking updates of ePay Advantage 5.0 is its seamless integration with Nodus PayFabric, a hosted, cloud-based processing engine. ePay with PayFabric can help merchants reduce the challenges of PCI Compliance by collecting and processing sensitive payment information without ever having it touch their environment. Using ePay with PayFabric, you can use multiple gateways and processors, and you can choose to not store any credit cards or ACH numbers within your local networks.
In addition to PayFabric, ePay 5.0 users can also:
- Customize PDF versions of invoice details
- Choose which landing page customers will be directed to when applying the single sign-on feature from an existing website to ePay Advantage
- Separate Address Verification and Zip Code Verification which will give the freedom to customize security options
For a complete list of all new features and updates, please contact us today to request the ePay 5.0 release notes or schedule a live demo with our sales team.
(909) 482-4701 or firstname.lastname@example.org