These days most consumers feel confident using credit cards online through e-commerce shopping carts and sharing personal data with businesses. Since businesses are entrusted with consumer confidence and personal data, it's vital to protect this data from cyber-attacks. Credit card processing requires constant oversight to protect customer data and avoid being victimized by persistent criminals. This article explains why you need to migrate from SSL and upgrade to TLS v1.2 or higher for secure and compliant credit card payment processing.
Here's some background before we answer why you should migrate from SSL and upgrade to TLS 1.2 or higher.
To keep your merchant data safe when processing credit cards, you must comply with the new PCI-DSS regulations and migrate from SSL and upgrade to TLS 1.2 or higher. The deadline was June 30, 2018, and SSL v3 and TLS 1.0 are no longer PCI compliant or approved methods of running credit card transactions. Let's review a few basic terms, including PCI, SSL, and TLS, and what the new standards mean to you.
What is PCI Compliance?
PCI compliance security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council, American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.
This means that if you are using anything other than an EMV-enabled credit card terminal, you need to ensure your workstation, internet connection, and server are up to date with the PCI security standards.
What is SSL?
Secure Sockets Layer (SSL) is a secure communications protocol used by online businesses and e-commerce environments. SSL has been the standard for transmitting credit card details to processors for daily card transactions and approvals, and it has been the protocol of choice for the majority of the Internet community. Secure HTTP, or HTTPS, is a familiar application of SSL in e-commerce or password transactions. (Viega, 10)
The current version of SSL is version 3.0, released by Netscape in 1999. The Internet Engineering Task Force (IETF) has created a similar protocol to standardize SSL within the Internet community.
What is TLS?
Transport Layer Security (TLS) is the new standard for secure credit card processing. Versions of TLS prior to version 1.2 are most susceptible to vulnerabilities and should be upgraded immediately.
TLS 1.2 enforces a methodology that utilizes strong encryption to keep data safe. Our Sage 100 integration, for example, takes advantage of your operating system's highest available encryption method. Higher encryption methods of TLS 1.2. Both the client and the server must have operating systems that can process TLS 1.2 methodology.
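The requirement that the client side be able to speak TLS 1.2, and be configured to refuse anything older, can be checked in code. The following is an added example, not code from APS or Sage 100; it uses Python's standard `ssl` module, and the function names are hypothetical.

```python
import ssl

# Option flag that switches off each protocol version older than TLS 1.2.
_EARLY = {
    ssl.TLSVersion.SSLv3: ssl.OP_NO_SSLv3,
    ssl.TLSVersion.TLSv1: ssl.OP_NO_TLSv1,
    ssl.TLSVersion.TLSv1_1: ssl.OP_NO_TLSv1_1,
}

def runtime_supports_tls12():
    """True when the OpenSSL build behind this Python can speak TLS 1.2."""
    return ssl.HAS_TLSv1_2

def early_versions_allowed(ctx):
    """Names of pre-TLS 1.2 versions this context is configured to accept."""
    floor, ceiling = ctx.minimum_version, ctx.maximum_version
    # The two sentinel values mean "whatever the library supports".
    if floor == ssl.TLSVersion.MINIMUM_SUPPORTED:
        floor = ssl.TLSVersion.SSLv3
    if ceiling == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        ceiling = ssl.TLSVersion.TLSv1_3
    # A version counts only if it is inside the range and not switched off.
    return [version.name for version, off_flag in _EARLY.items()
            if floor <= version <= ceiling and not ctx.options & off_flag]

def legacy_client_context():
    """Weak setting: the floor is left at the lowest version the library has."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_client_context():
    """Corrected setting: certificate checks on, nothing below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    print("runtime supports TLS 1.2:", runtime_supports_tls12())
    print("legacy context accepts:", early_versions_allowed(legacy_client_context()))
    print("hardened context accepts:", early_versions_allowed(hardened_client_context()))
```

The audit reports what the context is configured to accept; a connection made with the hardened context fails the handshake when the server offers only SSL v3, TLS 1.0 or TLS 1.1.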
Several of these new methodologies APS is rolling out are in conjunction with the standards of cryptography and virtual currencies (cryptocurrencies), to ensure all data is being transmitted with the highest levels of security.
Why migrate from SSL and upgrade to TLS 1.2 or higher?
What does this mean to you? In a previous blog on Sage 100 TLS 1.2 PCI Compliance, we asked our current Sage 100 customers to check their systems. If you are still running an old server (e.g. Microsoft Windows Server 2003) or are running older versions of Windows (e.g. Windows XP) on your workstations, please contact APS to ensure you are prepared for the upcoming changes and your integration adheres to TLS 1.2 PCI compliance standards.
Here's an excellent resource guide provided by the PCI Security Standards Council to help you learn how to migrate from SSL and upgrade to TLS 1.2 or higher: https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Migrating_from_SSL_and_Early_TLS_Resource_Guide.pdf
How does American Payment Solutions (APS) make a difference?
APS credit card solutions are ready to handle the new PCI compliance security standard for TLS 1.2 that enforces a methodology which utilizes strong encryption to keep data safe. We make sure our solutions are compliant with current PCI standards. Our team works hard to provide our clients with a secure, fully integrated PCI compliant credit card solution. In addition, our clients typically benefit from lower merchant fees. If you have not made the switch to APS yet, contact us to see how we can help!
This article is a reminder that there are some steps you need to take on your end!