How to Migrate to TLS 1.2
Who doesn't love a good, rich security protocol, you may ask? You love them because they keep your networks safe; hackers love them because a weak one can be a back door into your network! So, yes, there is a constant tension between the level of secure communication your system is capable of managing and the potential threats to that network—and it takes constant diligence to stay ahead of the crooks! Sometimes this is as easy as replacing your old card readers with more advanced point-to-point encryption readers; sometimes the changes required to update security settings need to go a little deeper. At Worldpay, card data security and maintaining the network communication security of our merchants is a top priority that goes beyond being good business partners!
Cybersecurity affects and impacts all of us in the payments industry—so we feel it is important for us to share what we know so you can also protect your customers and your business. We realize that understanding and implementing such things as encryption protocols and secure cipher suites can be complex, so we are here to help. This blog series will explore the potential impacts and solutions available to our partners and merchants and is intended to underscore that we all go through this together, with each new security mandate and each new cyber threat! So who doesn't love a good, rich, security protocol?
Payment Card Industry Security Standards Council TLS 1.2 Changeover: out with the old, in with the new!
The next big security update being required is moving internet communication traffic to secure implementations of Transport Layer Security (TLS) 1.1 and, if possible, to TLS 1.2—the new gold standard of internet protocols. Currently, Vantiv supports TLS 1.2 on every processing interface. At this point, TLS 1.2 lives side by side with other currently allowable ciphers, so it is possible to communicate with a "weaker" cipher and still process.
In the near future, these other ciphers will no longer be supported and we will be required to disable them. It is our goal to give you the tools and education necessary for an easy, hassle-free TLS 1.2 migration. The sooner you get started, the easier the change will be, because delay increases the potential for lost revenue.
Below are 5 tips to help guide you through the TLS 1.0 migration on MercuryPay and Express Interfaces.
1. What change will the Payment Card Industry Security Standards Council (PCI SSC) require?
On July 1, 2018, an encryption method called TLS 1.0 will no longer be approved by the Payment Card Industry (PCI). Anyone transmitting electronic transactions over the Internet must update to a newer version of TLS before that day, or the potential for processing interruptions is increased.
2. How will Vantiv Integrated Payment’s changes impact my business and my merchants?
Worldpay will continue to provide messaging to partners for MercuryPay and Express interfaces to confirm dates of impact.
Developers integrating or testing their existing solutions in our certification (CERT) environments on MercuryPay and Express should consider modifying their applications to support TLS 1.2 as soon as possible. We have updated our MercuryPay and Express certification (CERT) interfaces to only support TLS 1.2.
For more information about how to test support for TLS 1.2 in our certification environment see question 4.
3. What happens if a merchant does not update to a newer version?
Merchants and partners who do not update their systems to TLS 1.2 before July 1, 2018 may be at greater risk of processing interruptions.
If this changeover is not implemented well before the deadline, the impact in lost revenue could be detrimental, because it will be difficult for merchants to quickly determine why and where exactly their processing capabilities failed. Assume a merchant will have to call everyone involved in their payments chain, starting with their Reseller, POS provider and processor (multiple if gatewayed).
4. How do POS companies confirm their software is compatible with newer versions of TLS?
- To determine what ciphers and protocol you have implemented, go to https://www.ssllabs.com/ and test your browser. There is no need to wait: confirm that with only TLS 1.2 in place you can still communicate with our CERT environment.
- On March 5, 2018 the MercuryPay certification platform was updated to support only the TLS 1.2 protocol.
- On April 2, 2018 the Express certification platform was updated to support only the TLS 1.2 protocol.
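For applications that are not browsers, the same "only TLS 1.2 in place" check can be scripted. The following is an added example, not Worldpay or Vantiv code: it pins a Python client to TLS 1.2 and reports what was negotiated. The function names are hypothetical and the target host is a placeholder, since this page does not list the CERT endpoint hostnames.

```python
import socket
import ssl
import sys


def tls12_only_context() -> ssl.SSLContext:
    # The default context keeps certificate and hostname verification on.
    ctx = ssl.create_default_context()
    # Pin both bounds so no other protocol version can be offered or accepted.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host: str, port: int = 443, timeout: float = 10.0) -> dict:
    """Attempt one TLS 1.2-only handshake and report what was negotiated."""
    ctx = tls12_only_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cipher, _, bits = tls.cipher()
                return {"ok": True, "protocol": tls.version(),
                        "cipher": cipher, "bits": bits}
    except ssl.SSLError as exc:   # handshake or certificate failure
        return {"ok": False, "stage": "tls", "error": str(exc)}
    except OSError as exc:        # DNS failure, refused connection, timeout
        return {"ok": False, "stage": "tcp", "error": str(exc)}


def verdict(result: dict) -> str:
    """Turn a probe result into a one-line pass/fail statement."""
    if result["ok"] and result["protocol"] == "TLSv1.2":
        return f"PASS: TLSv1.2 with {result['cipher']} ({result['bits']} bits)"
    if result["ok"]:
        return f"FAIL: negotiated {result['protocol']}"
    if result["stage"] == "tls":
        return f"FAIL: TLS 1.2 handshake rejected: {result['error']}"
    return f"INCONCLUSIVE: could not reach host: {result['error']}"


if __name__ == "__main__":
    # Placeholder host: the page does not give the CERT endpoint hostname.
    target = sys.argv[1] if len(sys.argv) > 1 else "cert.example.invalid"
    print(verdict(probe(target)))
```

A result with stage "tls" means the endpoint was reached but the TLS 1.2 handshake or certificate check failed, which is the case to investigate before the cutover; a "tcp" result says nothing about TLS support.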
5. How do I contact Vantiv Integrated Payments for support?
Leave a comment or ask a question.
Questions about product roll out dates
- Partners should contact their Channel Manager regarding details about production server changes
Technical support questions
- Partners requiring technical help to confirm or clarify changes that need to be made to their applications or merchant environments can contact Developer Integrations