The Payment Card Industry (PCI) Security Standards Council is strengthening its encryption standards to discontinue use of Transport Layer Security (TLS) 1.0 and Secure Sockets Layer (SSL) in secure credit card transactions.
The PCI Security Standards Council is the authority on what makes a credit card or debit card transaction secure. The council determined that TLS 1.0 and SSL are vulnerable to hackers. In other words, you can’t count on TLS 1.0 or any version of SSL to protect payment card data; the communication session needs TLS 1.1 or higher.
Due to the popularity of web browsers that use TLS and SSL, most online sellers are expected to need to take action. Some consumers and B2B buyers are likely to need to take action as well.
It’s already underway. Websites that existed before April 2015 need to use TLS 1.1 or higher by June 30, 2016. Websites created since April 2015 need to use TLS 1.1 or higher immediately. Some websites have already made the change.
Essent is discontinuing use of TLS 1.0 before the PCI deadline and previously discontinued use of SSL.
Ensure that the technology you use to process payment card information uses TLS 1.1 or higher.
A good place to start is by asking your webmaster. If your webmaster is Essent and you have a support plan, please contact your Essent support representative. If your webmaster is Essent and you do not have a support plan, please contact your Essent sales representative.
The PCI Council has detailed, authoritative instructions.
Yes. Both sides of the transaction need to use TLS 1.1 or higher. If the customer is using non-compliant encryption, they’ll get locked out of the transaction. You’ll need them to have compliant encryption in order to sell to them online.
You’ll need to educate your customers to have them update their web browsers to versions that disable TLS 1.0 or lower (for example, Internet Explorer 10 has a manual setting to disable TLS 1.0) and that support TLS 1.1 or higher.
In short, have your customers download the latest version of any major web browser. The latest versions of Google Chrome, Mozilla Firefox, Internet Explorer, and Safari use the compliant TLS 1.1 and higher.
One of the best ways to find out what browsers visitors are using to visit your website is Google Analytics. You can also contact your webmaster. If your webmaster is Essent and you have a support plan, please contact your Essent support representative. If your webmaster is Essent and you do not have a support plan, please contact your Essent sales representative.
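Web server logs can answer the same question by protocol rather than by browser. The following is an added example, not code from Essent or the PCI Council: it assumes an nginx access log in the combined format with the `$ssl_protocol` variable appended as the last field, and reports which clients still negotiate SSL or TLS 1.0 and would be locked out once those are disabled. The log lines are constructed sample data.

```python
import re
from collections import Counter

# Assumed log layout: nginx "combined" format with $ssl_protocol appended
# as the last field (an assumption for this example, not from the page).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)" (?P<proto>\S+)$'
)

# Protocol names as nginx writes them in $ssl_protocol.
NON_COMPLIANT = {"SSLv2", "SSLv3", "TLSv1"}  # SSL and TLS 1.0

# Constructed sample lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2016:10:01:22 +0000] "GET /checkout HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" TLSv1
198.51.100.4 - - [12/May/2016:10:02:05 +0000] "GET /cart HTTP/1.1" 200 734 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/50.0" TLSv1.2
203.0.113.7 - - [12/May/2016:10:03:41 +0000] "POST /checkout HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" TLSv1
192.0.2.15 - - [12/May/2016:10:04:10 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh) Safari/601.5" TLSv1.1
this line is malformed and must be skipped
"""

def summarize(log_text):
    """Return (requests per protocol, {user agent: set of IPs} for non-compliant clients)."""
    by_proto = Counter()
    at_risk = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed format
        by_proto[m["proto"]] += 1
        if m["proto"] in NON_COMPLIANT:
            at_risk.setdefault(m["agent"], set()).add(m["ip"])
    return by_proto, at_risk

def lockout_share(by_proto):
    """Fraction of parsed requests that used SSL or TLS 1.0."""
    total = sum(by_proto.values())
    bad = sum(n for p, n in by_proto.items() if p in NON_COMPLIANT)
    return bad / total if total else 0.0

if __name__ == "__main__":
    protos, agents = summarize(SAMPLE_LOG)
    print(dict(protos), f"{lockout_share(protos):.0%} of requests at risk")
    for agent, ips in agents.items():
        print(len(ips), "client(s):", agent)
```

Run it over a representative period of traffic before disabling TLS 1.0, so the user agents it lists can be asked to update first.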
Essent supports the latest and other recent versions of major web browsers including Chrome, Firefox, Internet Explorer, and Safari.
Just update your web browser to the latest version. The latest versions of the major web browsers use compliant encryption.
It depends how you do your buying.
If you use a web browser to access the seller’s ecommerce site (the way you buy things for yourself from Amazon), then follow the instructions for a B2C consumer: Use the latest version of a major web browser.
If you use a more sophisticated method, such as an eprocurement system that performs a PunchOut Catalog transaction with a PunchOut-enabled website, you’ll need to talk with your trading partner to ensure that both the buying and selling sides are using TLS 1.1 or higher.