On-Premise Customers Need Up-To-Date Encryption to Process Payment Cards
Attention Essent On-Premise customers: You will need up-to-date encryption to continue to process payment cards in the EssentOne™ and/or Compass™ business management system.
You should bring this to the attention of your Information Technology (IT) department.
The Transport Layer Security 1.0 (TLS 1.0) encryption protocol no longer meets minimum security standards as determined by Payment Card Industry (PCI) Security Standards Council due to security vulnerabilities for which there are no fixes.
As of June 30, 2018, payment card processor USAePay will no longer support payment card processing using TLS 1.0 encryption.
Essent Service Impact Analysis
Essent On-Premise customers, meaning customers who run Essent® Compass™ via their own servers at their own facilities, need to upgrade their encryption before June 30, 2018, if they haven't already.
Essent On-Premise customers who do not upgrade to the TLS 1.2 encryption standard will no longer be able to process payment cards. Other features are likely to become disabled as well.
Essent On-Demand and Essent Hosting customers, meaning customers who are running Essent® Compass™ and/or EssentOne™ via the Essent Cloud, do not need to take action at this time. Upgrades to Essent infrastructure included the upgrade to TLS 1.2 in 2016.
For more information on how to enable the newer, more secure encryption standard, TLS 1.2, please reference Microsoft's documentation here:https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#support-for-tls-12
We also recommend that any servers running Compass related applications have the latest supported version of the Microsoft .NET Framework, which is version 4.7.2 and can be found at https://www.microsoft.com/net/download/dotnet-framework-runtime