Meeting the deadline to update to the latest Transport Layer Security Protocol TLS 1.2 is crucial for maintaining PCI compliance.
NEW YORK, March 13, 2018 (Newswire.com) - Customized payments solutions company E-Complish has announced that it’s requiring its merchants to upgrade to Transport Layer Security (TLS) 1.2 by the PCI Security Standards Council’s deadline of June 30, 2018. With regard to any client merchant still not using TLS version 1.2 after that date, the merchant and its customers can expect service interruptions and merchants can expect very heavy customer service activity.
While the mandate from the council is for an upgrade to at least TLS 1.1, E-Complish and most providers are migrating to version 1.2 for meeting today’s stringent standards of safeguarding electronic payment data.
Explains E-Complish CEO Stephen Price, “In April 2015, the PCI Security Council announced that SSL / TLS1.0 would no longer be permitted as a security protocol after June 2016. This caused an uproar in the IT community and after much feedback from the industry, the deadline was graciously extended to June 2018 – a date which we are rapidly approaching. At E-Complish, we are continuing to see incoming network traffic where consumers and merchants alike are using outdated web browsers and systems. Those same individuals are in for a rude awakening come June 2018 unless they upgrade their systems and/or web browsers to the latest modern versions.”
Standardized by the Internet Engineering Task Force (IETF), Transport Layer Security, or TLS, is a cryptographic protocol utilized for establishing a secure communications channel between two systems. Sometimes known as the "TLS Handshake Protocol," it authenticates one or both of the systems, thereby safeguarding the integrity and confidentiality of any information that passes between them. Originally, it was developed by Netscape in the early 1990s and known as the Secure Sockets Layer (SSL) protocol. As computerized payments systems, the internet and the skills of criminal hackers evolved and became more complex, SSL went through several major revisions over time, becoming SSL 3.0 in 1996, TLS 1.0 in 1999, TLS 1.1 in 2006 and TLS 1.2 in 2008.
There have always been un-patchable, serious vulnerabilities in SSL and TLS, although TLS 1.2 is by far the most secure version developed to date. Two of the most infamous hacker attacks, POODLE and Heartbleed, were among the many reasons that came to light as to why and how TLS needs continuous updating.
TLS 1.1 and 1.2 are now part of PCI Compliance, which is necessary to maintain if you are accepting payments. Non-compliance may very well lead to huge data breaches with catastrophic consequences for a merchant including lost inventory, lost customers, widespread negative publicity, lawsuits from financially harmed customers and fines and lawsuits from credit card providers including VISA and MasterCard. In fact, a large enough data security breach could strip a merchant of their ability to accept credit cards or, worse yet, put a merchant out of business.
For merchants who do need to migrate to TLS 1.2, E-Complish has some advice about how to handle customer support calls. It starts with telling their customers that they may need to upgrade their internet browsers for support calls.
E-Complish Director of Quality Assurance Amber Capece says, “Come June 2018, we are expecting heavier-than-usual customer support requests. Consumers are going to attempt to pay our clients and nothing will come up on their web browser. So now what? Our customer service team is going to be instructing our clients to tell their customers to upgrade their browsers. All of the modern browsers, (Chrome, FireFox, Safari, Internet Explorer/Edge, etc.) are already using TLS 1.2 as their security protocol today. A simple upgrade of their browser is all that is needed and ‘ba-da-boom’ things are back and working. It's just that simple.”
“Our hope in sending out this information is that merchants and consumers alike can start now and upgrade their systems. This is kind of like a mini-Y2K (Year 2000) and if you remember, Y2K turned out to be nothing. Everyone prepared in advance. Here we are again and a simple upgrade of a web browser today will eliminate 99 percent of the customer service problems coming in June. Let's be proactive!” says Price.
888-847-7744, ext. 205
Source: E-Complish Inc.