Will Your Payment Processing Break Due To Mandatory Security Update? – 2017 Deadline Approaching for TLS 1.2 Requirement
The PCI Security Council has mandated that online merchants who accept credit cards must upgrade from the older SSL and early TLS security protocols, to the newer TLS 1.2 protocol. The required implementation dates to remain in compliance have changed multiple times, causing merchant confusion. To further this confusion, individual gateways and processors have their own implementation timelines for TLS 1.2 support.
Due to recent high profile attacks, some vendors have decided to expedite the transition to TLS 1.2 and completely end support of the older, less secure protocols. This was primarily done because of the known risks of the older security protocols and the PCI Security Council’s assessment of the risk to merchants. The PCI Security Council has stated, “The vulnerabilities within SSL and early TLS are serious and left unaddressed put organizations at risk of being breached.” Because of these known risks, payment technology vendors have become more aggressive in their implementation timeframes and are in the process of deprecating the older protocols beginning in 2017.
One such company is PayPal. PayPal just recently turned off support of the older protocol for test environments and will completely stop supporting the older protocols by June 30, 2017. FOR MERCHANTS USING A PAYPAL PAYMENT GATEWAY WHO HAVE NOT UPGRADED THEIR SYSTEMS TO SUPPORT TLS 1.2, CREDIT CARD PROCESSING SERVICES WILL NO LONGER WORK AFTER THAT DATE.
Dates to know:
- PCI Security Council original date of TLS 1.2 compliance was 2016
- PCI Security Council new date of TLS 1.2 compliance is June, 2018
- PayPal testing environment ended support of older protocols on February 15, 2017
- PayPal production environment ends support of older protocols on June 30, 2017
How do you ensure you will be able to accept credit card payments after the June 30, 2017 deadline? The first thing merchants should do is contact their systems providers to determine all of the payment gateway connections their solution employs. Merchants should then verify that their solution has been upgraded to support the TLS 1.2 protocol. This often times reveals a spider web of connections. Many solution providers support a variety of gateways to reach a particular processing platform.
In the example of PayPal, merchants may be unaware that their payment acceptance solution could utilize technology from PayPal even if they do not accept PayPal as a form of payment. PayPal Holdings, Inc. has acquired various payment technologies and companies (i.e. PayFlow Pro, BrainTree, Venmo, etc.) that many payment solutions employ in the background. If a merchant’s solution utilizes a PayPal gateway and hasn’t been upgraded to support TLS 1.2, it will stop functioning after the June 30, 2017 date.
To avoid credit card acceptance interruption and protect yourself against malicious attacks, you should:
- Upgrade your systems to support the latest security protocol TLS 1.2
- Start your upgrade process today. System upgrades take time and a backlog is already forming with many vendors. This will result in many merchants unable to accept credit card payments after June 30, 2017
- Nodus customers should contact Nodus Support to discuss their upgrade options and ensure that the software versions they are using support TLS 1.2
- Migrating from SSL & Early TLS webinar by PCI Security Standards Council
- Date Change for Migrating from SSL and Early TLS
- PayPal TLS 1.2 and HTTP/1.1 Upgrade Microsite
- Nodus TLS 1.2 Security Update
Chester Ritchie is the President of Nodus Technologies (http://www.nodus.com). Nodus is a certified Microsoft Gold Level Partner for payment software within the Microsoft Dynamics family of accounting systems. Nodus products allow users of Great Plains (GP), Solomon (SL), and AX to accept electronic payments inside of the accounting system. Accounting entries related to payments are automated and cash flow is increased.
January 6, 2017 by Chester Ritchie
Microsoft recently announced the discontinuation of the Dynamics Online Payment Services. Effective January 1, 2018, users of this service will no longer be able to process credit card payments within Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP, Microsoft Dynamics RMS, Microsoft Dynamics POS 2009, and Microsoft Office Accounting.
To mitigate any potential business impact due to the discontinuation of this product, Microsoft is recommending existing customers search for alternative payment products from Dynamics Independent Solution Providers (ISVs) such as Nodus.
Nodus is the leading provider of PCI certified electronic payment processing modules for Microsoft Dynamics. In addition to the core credit card processing functionality provided by Microsoft Dynamics Online Payment Services, merchants choose Nodus for security and additional accounting automation. The Nodus payment processing gateway can be used to replace Microsoft Dynamics Online Payment Services with minimal interruption to your business.
Nodus products are fully integrated into Microsoft Dynamics. Nodus has been the PCI certified payment solution for Microsoft Dynamics accounting systems for over 14 years. In addition to providing a secure credit card processing solution, Nodus payment solutions integrate with your accounting system to automate accounting entries, provide lowest rates for B2B transactions, and get you paid faster by automating A/R via our online bill pay module.
For more information on how to upgrade your Dynamics Online Payment Services to PCI compliant credit card processing software from Nodus, please visit http://www.nodus.com or call us at 909-482-4701.
Tampa has been very welcoming to the User Group Summit this week. The city grew over night as customers and partners alike began to arrive for an exciting week of Dynamics user content.
Summit kicked off on Tuesday with a cheerful keynote hosted by Andy Hafer, the CEO of Dynamics Communities. The keynote started off by highlighting some of the great accomplishments of the User Groups including celebrating their 10th anniversary and the largest attendance of Summit to date.
The keynote also shared some great examples of community by inviting the Portico Chorus on stage to bring the energy of the stadium alive with a few songs. Andy Hafer stressed the importance of community with an inspiring quote from Cesar Chavez: “We cannot seek achievement for ourselves and forget about progress and prosperity of our community…Our ambitions must be broad enough to include the aspirations and needs of others, for their sakes and for our own.”
The Summit then invited Scott Guthrie from Microsoft on stage to discuss the plans for Microsoft Dynamics 365. Microsoft’s vision statement is to “Empower every person and every organization on the planet to achieve more.” With the newest solutions introduced by Microsoft, they hope to continue to do so. Lastly, the audience was left with a short speech of encouragement related to the world of digital transformation from Ray Wong, the Chairman of Constellation Research.
After the keynote, the expo hall was opened to customers for the first time for the reception. The Nodus team was excited to debut our brand new booth which focuses on our strength of connecting electronic payments with ERP and CRM systems. Of the Nodus members to attend GPUG, one of them is Nodus’ new President, Chester Ritchie. He is experienced in the payment technology world, but is excited to participate in the Dynamics Channel.
The day ended with a parade throughout the expo hall leading outside to enjoy the fireworks show.
The Nodus team welcomes everyone to GPUG Summit and wishes you a great show. Please stop by booth 837 this week to learn more about our solutions and services. Drop off your business card for a chance to win a GoPro HERO 4! We will also be presenting a Solution Showcase on Thursday at 9:15am in TCC12 titled “PCI Compliance – Receivables and Secure Payment Processing.”
The holidays are approaching which means a time for cheer and presents—which means more money is being spent—which means more credit card fraud. With millions of card numbers already stolen this year, it is only a matter of course that much more will be stolen with the increased shopping of the holiday season.
Hackers who work on the good side of the law, investigating security breaches, have found even their own stolen information many times. In fact, Bryan Sartin of Verizon’s forensic computer tech team remembers finding a desk mate’s credit card information in two out of three cases, and when it wasn’t there, found his wife’s! With this amount of fraud going on, it’s unnerving to think that some merchants are not implementing any improved practices that will help secure their customers information during this holiday season. The last thing anyone wants is to deal with is credit card fraud when they could be spending quality time with family and friends.
A reason Sartin mentions about why the U.S. is so prone to credit card data security breaches is the way they are being processed. Credit card information goes through multiple systems, flying through the internet, and continues to travel to complete the transaction even after returning an accepted or declined message.
Mallory Duncan, general counsel at the National Retail Federation, proposes tokenization as a potential solution. With tokenization, the card information is taken to the gateway, and a token is returned. This token has no credit card data behind it—so even if it is stolen, it would be meaningless to the hacker.
Nodus provides the option of tokenization with all its products. Our solutions are PCI PA-DSS certified and we are always improving our solutions to help your business become more secure. Improve your processes to keep your customers’ credit card data safe during this holiday season and let the holidays get back to meaning joy and comfort.
To learn more about tokenization and securing your payment processing systems, schedule a free demo with us today at http://www.nodus.com/schedule_demo.html
Source: npr: National Public Radio
E-commerce has become a significant part of most business organizations due to the explosion and popularization of the use of internet and the ease of conducting business over it. Thus, it has become essential for eCommerce merchants to invest in quality and reliable integrated eCommerce to manage their online business and provide best service to their customers. However, it can be quite challenging to the e-Commerce merchants to choose the right eCommerce platforms to suit their requirements. This is of immense significance because even though most companies view their online business as a separate entity, the truth is that a major portion of their earnings comes through the internet. The eCommerce solutions help companies in better managing their websites by offering a number of user-friendly features. Thus, companies need to look for these features if they wish to maximize their business by selecting the e-Commerce solution provider best suited for them.
The choice of the integrated eCommerce solution should depend on the features that they need for their website. Some of the features that these solutions usually incorporate in their website include navigation, shopping cart, shipping, handling, taxes and order management system among others. The latest features offer greater ease of access to the
customers, which is essential for providing enjoyable shopping experience to the customers. Thus, companies need to decide upon the degree of flexibility and customization they require for their business. Customization can play a significant role in helping online promotional campaigns. This can include functions like auto-responders for sending automated replies and promotional materials to the customer and subscriber list. Thus, companies need to define their vision and requirements for selecting the correct eCommerce solution. Vendors offering a wider range of features and greater customization may charge more but will result in generating higher sales and revenues. Therefore, companies need to be sure of their requirements, which can help them selecting the right integrated e-Commerce solution for their online business.