FAQ: PCI Mandate to Retire TLS 1.0, SSL

The Payment Card Industry (PCI) Security Standards Council is strengthening its encryption standards to discontinue use of Transport Layer Security (TLS) 1.0 and Secure Sockets Layer (SSL) in secure credit card transactions.

Why is this change happening?

The PCI Security Standards Council is the authority on what makes a credit card or debit card transaction secure. The council determined that TLS 1.0 and SSL are vulnerable to hackers. In other words, you can’t count on TLS 1.0 or any version of SSL to protect payment card data; the communication session needs TLS 1.1 or higher.

Who does this change affect?

Due to the popularity of web browsers that use TLS and SSL, most online sellers are expected to need to take action. Some consumers and B2B buyers are likely to need to take action as well.

When is this change happening?

It’s already underway. Websites that existed before April 2015 need to use TLS 1.1 or higher by June 30, 2016. Websites created since April 2015 need to use TLS 1.1 or higher immediately. Some websites have already made the change.

Essent is discontinuing use of TLS 1.0 before the PCI deadline and previously discontinued use of SSL.

I’m a business. What do I need to do?

Ensure that the technology you use to process payment card information uses TLS 1.1 or higher.

A good place to start is by asking your webmaster. If your webmaster is Essent and you have a support plan, please contact your Essent support representative. If your webmaster is Essent and you do not have a support plan, please contact your Essent sales representative.

The PCI Council has detailed, authoritative instructions.

Are my customers affected?

Yes. Both sides of the transaction need to use TLS 1.1 or higher. If the customer is using non-compliant encryption, they’ll get locked out of the transaction. You’ll need them to have compliant encryption in order to sell to them online.

What do my customers need to do?

You’ll need to have your customers update their web browsers to versions that support TLS 1.1 or higher and that disable TLS 1.0 and lower (for example, Internet Explorer 10 has a manual setting to disable TLS 1.0).

In short, have your customers download the latest version of any major web browser. The latest versions of Google Chrome, Mozilla Firefox, Internet Explorer, and Safari use the compliant TLS 1.1 and higher.

How many customers are using out-of-date browsers?

One of the best ways to find out what browsers visitors are using to visit your website is Google Analytics. You can also contact your webmaster. If your webmaster is Essent and you have a support plan, please contact your Essent support representative. If your webmaster is Essent and you do not have a support plan, please contact your Essent sales representative.
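The web server's own logs answer this question directly, because they can record the protocol each visitor actually negotiated. The script below is an added example, not part of the original FAQ or any Essent tooling; it assumes an nginx access log whose `log_format` includes the `$ssl_protocol` variable, and the log layout, sample lines, request paths and user agents are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines, assuming this (hypothetical) nginx log_format:
#   '$remote_addr [$time_local] $ssl_protocol "$request" $status "$http_user_agent"'
SAMPLE_LOG = """\
203.0.113.10 [12/May/2016:10:01:02 +0000] TLSv1.2 "GET /checkout HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/50.0"
203.0.113.11 [12/May/2016:10:01:05 +0000] TLSv1 "GET /checkout HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
203.0.113.11 [12/May/2016:10:01:09 +0000] TLSv1 "POST /checkout/pay HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
198.51.100.7 [12/May/2016:10:02:30 +0000] TLSv1.1 "GET /cart HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64) Firefox/46.0"
198.51.100.9 [12/May/2016:10:03:00 +0000] SSLv3 "POST /punchout/setup HTTP/1.1" 200 "ExampleProcurement/1.0"
192.0.2.44 [12/May/2016:10:04:12 +0000] - "GET / HTTP/1.1" 200 "curl/7.47.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[[^\]]+\] (?P<proto>\S+) "[^"]*" \d{3} "(?P<ua>[^"]*)"$')

# Ordered oldest to newest; the page's cutoff is TLS 1.1.
RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}
MIN_COMPLIANT = RANK["TLSv1.1"]

def summarize(log_text):
    """Count requests per negotiated protocol and list clients below TLS 1.1."""
    by_proto = Counter()
    weak_clients = defaultdict(set)  # user agent -> client IPs that would be locked out
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Plain-HTTP requests log "-" for $ssl_protocol; malformed lines do not match.
        if not m or m["proto"] not in RANK:
            skipped += 1
            continue
        by_proto[m["proto"]] += 1
        if RANK[m["proto"]] < MIN_COMPLIANT:
            weak_clients[m["ua"]].add(m["ip"])
    total = sum(by_proto.values())
    weak = sum(n for p, n in by_proto.items() if RANK[p] < MIN_COMPLIANT)
    return {
        "total": total,
        "weak": weak,
        "weak_pct": round(100 * weak / total, 1) if total else 0.0,
        "by_proto": dict(by_proto),
        "weak_clients": {ua: sorted(ips) for ua, ips in weak_clients.items()},
        "skipped": skipped,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['weak']}/{report['total']} TLS requests ({report['weak_pct']}%) used SSL or TLS 1.0")
    for ua, ips in report["weak_clients"].items():
        print(f"  {ua}: {', '.join(ips)}")
```

Grouping the non-compliant requests by user agent shows which browsers or procurement clients to contact before TLS 1.0 is switched off.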

What browsers are supported by Essent?

Essent supports the latest and other recent versions of major web browsers including Chrome, Firefox, Internet Explorer, and Safari.

I’m a consumer. What do I need to do?

Just update your web browser to the latest version. The latest versions of the major web browsers use compliant encryption.

I’m a B2B buyer. What do I need to do?

It depends how you do your buying.

If you use a web browser to access the seller’s ecommerce site (the way you buy things for yourself from Amazon), then follow the instructions for a B2C consumer: Use the latest version of a major web browser.

If you have a more sophisticated method like an eprocurement system that performs a PunchOut Catalog transaction to a PunchOut enabled website, you’ll need to talk with your trading partner to ensure that both the buying and selling sides of the transaction are using TLS 1.1 or higher.