Don't know what TLS is? Here's some information on a subject that may impact your processing environment.
February 15, 2018
A July 1 PCI Security Standards Council deadline is prompting payments providers to act well before then, with many establishing their own compliance deadlines in February. What has provoked this eagerness?
The PCI Council in 2015 issued a deadline to migrate from earlier forms of Internet security standards. These measures govern the cryptographic protocol when devices connect using the public Internet.
Specifically, the PCI Council, which originally set a June 2016 deadline that was later moved to July 1, 2018, says Transport Layer Security 1.1 or higher is necessary for transactions to be compliant. Transactions made with Web browsers and many point-of-sale terminals using older versions of TLS or Secure Socket Layer technology will be out of compliance after that date.
Some merchants will have to update their Web sites to TLS 1.1 or higher, while others may need to update their POS terminals if these devices connect to the payments system using the public Internet.
Some merchants may have to update the operating systems on computers running their POS software if the system does not support the newer cryptographic standard.
TLS is the newest encryption protocol of a specification originally developed by Netscape as Secure Socket Layer. The Internet Engineering Taskforce oversees the protocol.
Processor First Data Corp. set a Feb. 15 deadline for transactions using its Datawire service, a transport network that sends financial data over the public Internet from a merchant’s POS system to First Data. Datawire only will support TLS 1.2, the most recent version of the security protocol, beginning then. Merchants that have not upgraded will not be able to complete transactions using Datawire until they move to TLS 1.2, First Data says in a notice.
Cayan, now a part of Total System Services Inc. (TSYS), has so-called brownouts planned to being in April that will disable products using TLS 1.0. The hope is that merchants will call to find out what happened, says Dominic Lachowicz, Cayan vice president of engineering. “This is basically to test merchant awareness and readiness,” Lachowicz says.
At Cayan, he estimates approximately 40% of its merchants are at risk. Several months ago, it was 60%. Many of the 40% are Cayan’s larger merchants. “We will make a very strong push to that deadline,” he says.