Will Your Payment Processing Break Due To Mandatory Security Update? – 2017 Deadline Approaching for TLS 1.2 Requirement
The PCI Security Council has mandated that online merchants who accept credit cards must upgrade from the older SSL and early TLS security protocols, to the newer TLS 1.2 protocol. The required implementation dates to remain in compliance have changed multiple times, causing merchant confusion. To further this confusion, individual gateways and processors have their own implementation timelines for TLS 1.2 support.
Due to recent high profile attacks, some vendors have decided to expedite the transition to TLS 1.2 and completely end support of the older, less secure protocols. This was primarily done because of the known risks of the older security protocols and the PCI Security Council’s assessment of the risk to merchants. The PCI Security Council has stated, “The vulnerabilities within SSL and early TLS are serious and left unaddressed put organizations at risk of being breached.” Because of these known risks, payment technology vendors have become more aggressive in their implementation timeframes and are in the process of deprecating the older protocols beginning in 2017.
One such company is PayPal. PayPal just recently turned off support of the older protocol for test environments and will completely stop supporting the older protocols by June 30, 2017. FOR MERCHANTS USING A PAYPAL PAYMENT GATEWAY WHO HAVE NOT UPGRADED THEIR SYSTEMS TO SUPPORT TLS 1.2, CREDIT CARD PROCESSING SERVICES WILL NO LONGER WORK AFTER THAT DATE.
Dates to know:
- PCI Security Council original date of TLS 1.2 compliance was 2016
- PCI Security Council new date of TLS 1.2 compliance is June, 2018
- PayPal testing environment ended support of older protocols on February 15, 2017
- PayPal production environment ends support of older protocols on June 30, 2017
How do you ensure you will be able to accept credit card payments after the June 30, 2017 deadline? The first thing merchants should do is contact their systems providers to determine all of the payment gateway connections their solution employs. Merchants should then verify that their solution has been upgraded to support the TLS 1.2 protocol. This often times reveals a spider web of connections. Many solution providers support a variety of gateways to reach a particular processing platform.
In the example of PayPal, merchants may be unaware that their payment acceptance solution could utilize technology from PayPal even if they do not accept PayPal as a form of payment. PayPal Holdings, Inc. has acquired various payment technologies and companies (i.e. PayFlow Pro, BrainTree, Venmo, etc.) that many payment solutions employ in the background. If a merchant’s solution utilizes a PayPal gateway and hasn’t been upgraded to support TLS 1.2, it will stop functioning after the June 30, 2017 date.
To avoid credit card acceptance interruption and protect yourself against malicious attacks, you should:
- Upgrade your systems to support the latest security protocol TLS 1.2
- Start your upgrade process today. System upgrades take time and a backlog is already forming with many vendors. This will result in many merchants unable to accept credit card payments after June 30, 2017
- Nodus customers should contact Nodus Support to discuss their upgrade options and ensure that the software versions they are using support TLS 1.2
- Migrating from SSL & Early TLS webinar by PCI Security Standards Council
- Date Change for Migrating from SSL and Early TLS
- PayPal TLS 1.2 and HTTP/1.1 Upgrade Microsite
- Nodus TLS 1.2 Security Update
Chester Ritchie is the President of Nodus Technologies (http://www.nodus.com). Nodus is a certified Microsoft Gold Level Partner for payment software within the Microsoft Dynamics family of accounting systems. Nodus products allow users of Great Plains (GP), Solomon (SL), and AX to accept electronic payments inside of the accounting system. Accounting entries related to payments are automated and cash flow is increased.
Verifone announced the discontinuance of the PCCharge and PAYWare credit card processing software titles in 2015. All development, orders, and shipments have been discontinued. Late last year, Verifone also ceased all support of the products.
The reason for the end-of-life of these popular products was due to legacy technology and their lack of security. These products were on-premise installed software that acted as a middleware between many applications and the credit card processor. They put merchants at risk of a hacker attack by storing credit card cardholder information locally on merchant computers. Merchants would be liable for any losses that occur if their local environment is compromised and these credit card numbers are stolen.
How To Protect Your Business
There are a large number of businesses still running versions of PCCharge and PAYWare today. It is extremely important to cease using these products immediately and switch to a newer solution for your credit card processing and merchant service needs
The Nodus PayFabric payment processing gateway can be used to replace PCCharge or PAYWare with minimal interruption to your business. PayFabric is a cloud-based solution that removes local storage of credit cards and places them in the off-premise secure Nodus cloud. Credit card information is further safe-guarded by encrypting cardholder information and tokenizing the stored information.
Nodus PayFabric is already integrated to many ERP, CRM and business line software solutions. Nodus has been the payment solution for Microsoft Dynamics accounting systems for over 14 years. In addition to providing a secure credit card processing solution, Nodus payment solutions integrate with your accounting system to automate accounting entries, provide lowest rates for B2B transactions, and get you paid faster by automating A/R.
For more information on how to upgrade your Verifone PCCharge or PAYWare software to PCI compliant credit card processing software, please visit http://www.nodus.com or call us at 909-482-4701.
For the third time, Nodus Credit Card Advantage, ePay Advantage and eStore Solution Stack have been validated against the Payment Application Data Security Standard (PA-DSS). This time, the Nodus solutions have been validated under the new PA-DSS version 3.2 which requires support for only secure encryption protocols such as TLS 1.2.
“Nodus is very dedicated to maintaining our PA-DSS certification for all of our solutions,” said Nikki Nguyen, Director of Product Management, “Providing secure applications for processing electronic payments helps us maintain trust with our loyal customers and partners.”
Due to the new industry requirement, Nodus is highly recommending that all current customers upgrade to the newest versions of their Nodus software to utilize the TLS 1.2 encryption protocol. This upgrade should be scheduled as soon as possible to avoid any disruption when Payment Gateways begin to turn off the previous insecure encryption protocols. More information on the TLS 1.2 Security update can be found at: http://www.nodus.com/nodus_TLS_Security_Update.html
Customers interested in upgrading can contact Nodus Technologies Support at (909) 482-4701 option 2 or by e-mailing email@example.com.
What is PA-DSS?
The PCI’s Payment Application Data Security Standards (PA-DSS) defines security requirements & procedures for software vendors of payment applications to securely manage and protect card data. A validated PA-DSS application means that the payment application has been assessed to ensure it meets all of the security requirements of the Payment Card Industry Security Standards Council (PCI-SSC).
How does the PA-DSS impact customers?
Secure payment applications help to facilitate a customer’s PCI DSS compliance. When implemented in a DSS-compliant environment, PA-DSS validated payment applications will minimize the potential for security breaches leading to compromises of full magnetic stripe data, card validation codes and values (CAV2, CID, CVC2, and CVV2), PINs and PIN blocks.
The Nodus team will be heading to Tampa, Florida, this month for GPUG Summit 2016! We are proud to be a returning sponsor of this ever growing event. GPUG Summit is a great way for GP Users to extend their product knowledge, interact with other GP users, and learn about ways to maximize their ERP solution.
Partners, customers and prospects alike can find Nodus at Booth #837 during Summit. We will be there to answer any questions that you may have. We will be promoting our newest solutions and integrations, listed below:
- Nodus PayLink: One-click payment links for Dynamics GP
- PayFabric: Cloud-based electronic payment processing and storage
- New features of our current solutions
- Information on the newest PCI requirements
- Nodus and SalesPad integration
- Nodus and Professional Advantage Integration
Schedule a one-on-one with the Nodus team by emailing firstname.lastname@example.org or simply stop by our booth!”
Nodus will also be presenting at GPUG Summit:
PCI Compliance – Receivables and Secure Payment Processing
When: Thursday, October 13th, 9:15-10:15am EDT
While you’re at Summit, don’t forget to share your experiences and follow Nodus’ social profiles for the latest Summit updates.
So what are you waiting for? Register for GPUG Summit and don’t forget to come talk to us!
Do you have the best practices in place to help you both achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS)?
Nodus Technologies and Dara Security are hosting a joint webinar on December 8, 2015 to discuss the basics of PCI Compliance and how Nodus can help merchants achieve compliance through secured payment applications.
Some of the highlights of this webinar are:
- Payment transaction trends
- Overview of PCI and how it applies to merchants
- Secure processing and storage of credit card data
Register for our webinar here.
Can’t make it but still want answers to your PCI questions? Give us a call at (909) 482-4701 or email email@example.com.
It comes as no surprise that credit card theft is on the rise. Data theft is constantly grabbing news headlines and PCI Compliance is important now more than ever! Well, what is PCI Compliance? The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Small businesses are especially vulnerable to data theft because they are less likely to be up to date with PCI Compliance standards. Here are just a few ways that you can protect your small business from data theft and work towards maintaining PCI Compliance.
1. Use a strong password- Weak passwords are easily hacked and provide thieves with easy access to your point-of-sale information. Make sure that your password contains both upper and lowercase letters, as well as numbers and special characters.
2. Properly dispose of vulnerable information-Shred all paper that contains sensitive data and wipe the contents of computers before disposal to ensure that the information doesn’t end up in the wrong hands.
3. Encrypt sensitive data- Using PA-DSS certified solutions like Nodus’ PayFabric solution helps prevent data theft by removing data from your company environment and putting it into a safe, cloud-based storage system. Be sure to also use a secure payment gateway when processing your customers’ payment information.
4. Make sure your systems and software are up to date-Installing updates to your operating system and software are crucial to both maintain PCI requirements and adapt to changing technology.
Knowing your company’s vulnerable areas is key to protecting your customers’ sensitive payment information. Remember, it is the merchant’s responsibility to protect their customers’ data.
For more information on PCI Compliance, visit http://www.nodus.com/pci_compliance.hmtl
In business, cash is king. Various factors influence an organization’s ability to collect revenue, however proper cash flow management is essential to supporting and advancing business objectives. It is understood that getting a customer to purchase your product or service is only part of what most consider a successful transaction. Getting them to pay in a timely manner, and feel satisfied, changes everything. So what can you do to facilitate timely payments and enhance customer satisfaction? Consider the following suggestions:
- Take advantage of available technology. Paper bills are a dying breed. Not only are they more costly, less efficient and worse for the environment, but they often get lost, take longer to process, and don’t provide much convenience for businesses or customers.
In lieu of paper bills, consider offering customers the ability to view and pay their bills online. This technique is less costly, more efficient and eco-friendly. It allows for your customers to receive billing statements immediately, and with tracking options, you can actually verify a successful receipt – down to the exact day and time. Once customers receive an electronic bill, they can log on to your website or payment link and self-enter their payment details – which reduces the errors and risk often associated with manual data entry. In fact, with the right technology you can ensure no sensitive data ever hits your servers – which greatly reduces your liability and simplifies your scope of PCI compliance. Plus, with popular features like “Auto-Pay,” your customers can schedule timely payment submissions, and essentially forget about them. Reconciliation becomes easier and less labor intensive since electronic records can be drawn and filtered daily. In sum, online bill payment promotes better cash management, lower administrative overhead, reduced postage and printing, and fewer number of delinquent accounts.
- Use a CRM that can accept payments. In addition to offering online bill presentment, recording all interactions with customers is a must. When an account is past due, and a payment has not been received in a reasonable period, you should contact your customer to discuss payment using a CRM that can accept payments. While this is often done by mail or email, a phone call will engage your customer the most and allow them to specify details of their situation, and possibly, even make a payment right over the phone.
Regardless of which approach you take, you should be sure to log the details of each contact so you or other departments can make informed decisions in the future. Keep notes on when follow-up communications were sent and record your customers’ responses to these follow-ups. This will allow you or your employees to schedule subsequent follow-ups more effectively, and use prior information supplied by your customer to judge an appropriate course of action. For example, if the customer was not satisfied and is planning on returning a product or if a customer promised to pay a late invoice in 3 weeks and 5 weeks have passed – you or your team can reference their prior comments in any follow-up discussions, and subsequent resolution process. With the right technology, your customer service representatives or accounts receivable department can take payment from a customer over the phone without leaving the CRM environment. Those payments can be drawn from a customer’s e-wallet on file, automatically integrated with back office systems, and processed immediately in real-time, or later, in a delayed batch. This makes it easier and more efficient to receive payments, while logging or reviewing notes of a customer’s situation. It also will make your customer feel more satisfied when dealing with a representative that has detailed knowledge of prior interactions, and who can expedite payment processing in a fast, efficient manner. For additional assistance with streamlining accounts receivable or electronic payment processing please contact Nodus Technologies or sign up for our free webinar. Call 909 – 482-4701 or email firstname.lastname@example.org
Nodus Technologies strives to develop great products, and we also work hard to continually improve them. Taking into consideration user feedback, industry research, and thoughts about the ever changing future, we put in extensive effort to release better versions of our products every year.
Nodus is proud to present the official release of ePay Advantage 5.0 Service Pack 1. ePay Advantage is our online bill presentment and payment solution that will allow your customers to go online and pay their outstanding invoices. It helps automate your accounts receivable process and cut down on PCI challenges. The latest version of ePay Advantage was released Tuesday, October 28th and is now compatible with Dynamics GP 2013 R2. ePay Advantage 5.0 provides users with a list of anticipated new features, bug fixes, performance improvements and security enhancements.
One of the most groundbreaking updates of ePay Advantage 5.0 is its seamless integration with Nodus PayFabric, a hosted, cloud-based processing engine. ePay with PayFabric can help merchants reduce the challenges of PCI Compliance by collecting and processing sensitive payment information without ever having it touch their environment. Using ePay with PayFabric, you can use multiple gateways and processors, and you can choose to not store any credit cards or ACH numbers within your local networks.
In addition to PayFabric, ePay 5.0 users can also:
- Customize PDF versions of invoice details
- Choose which landing page customers will be directed to when applying the single sign-on feature from an existing website to ePay Advantage
- Separate Address Verification and Zip Code Verification which will give the freedom to customize security options
For a complete list of all new features and updates, please contact us today to request the ePay 5.0 release notes or schedule a live demo with our sales team.
(909) 482-4701 or email@example.com