Upcoming security upgrade may interrupt your payment processing service.
Providing our clients with secure and reliable payment methods is a top priority for Dynamics Payments. As part of these efforts, we will discontinue support of older encryption methods, such as Secure Socket Layer version 3 (SSLv3) and early versions of Transport Layer Security (TLS 1.0).
What is SSL/TLS?
SSL/TLS is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems, and protect the confidentiality and integrity of information that passes between systems.
Why are we making these changes?
SSL/early TLS are no longer considered secure forms of encryption for payment card data. The PCI Security Council sets the rules on which technologies are acceptable for use in sending cardholder data and have identified the TLS 1.0 or 1.1 as no longer acceptable. Because of its widespread use online, SSL/early TLS has been targeted by security researchers and attackers. Many serious vulnerabilities in SSL/early TLS have been uncovered over the past 20 years, making it an unsafe method for protecting sensitive data. Merchants using SSL/ early TLS are most susceptible to these vulnerabilities and should be upgraded immediately. E-commerce merchants are also encouraged to implement a customer communication strategy to educate their customers about the dangers of using outdated software and the risk this poses to customer data.
Am I impacted?
If you use Dynamics Payments Integration systems or software to process payment transactions you will need to ensure your systems use TLS 1.2 before the deadline dates below.
When will the changes happen?
To avoid any payment processing disruption, your systems will need to be ready for this change by June 30th, 2018.
What to do?
Work with your IT team to ensure the insecure protocols are disabled in your environment. Migrate to a minimum of TLS 1.1, preferably TLS 1.2. While it is possible to implement countermeasures against some attacks on TLS, migrating to a later version of TLS – notably TLS 1.1 and TLS 1.2 – is the only reliable method to protect yourself from the current protocol vulnerabilities.
As always, should you have any questions or further needs relating to this subject, please contact us at 787.783.8689 or firstname.lastname@example.org.