Like most, you probably have no clue what TLS means or does, and only care if it impacts your business. Hopefully your IT Team has phased out older hardware and made necessary software updates but if not, you can’t wait until June 30th. Starting in late January, some online services will begin temporarily shutting off TLS 1.0/1.1 access so those still using this will realize it and hopefully make necessary changes.
How do you know what version of TLS your browser uses? Each has a different way of telling but for Internet Explorer: select the TOOLS button, select ADVANCED tab. Scroll all the way down to the bottom of the Settings window to view the SSL and TLS versions that the IE browser will accept. Keep in mind, this is a universal deadline. Systems not updated will have connectivity issues on a broader scale.
Here are some examples of TLS plans in place already as the June 30th deadline approaches.
If you are a BillingTree customer on Payrazr Gateway, TLS 1.0 has already been disabled – the domain, mypayrazr.com still supports TLS 1.1 - any browser using older TLS will not function with the Payrazr gateway.
As you may be aware, new PCI DSS requirements state that all payment systems must disable earlier versions of TLS protocols. These older protocols, TLS 1.0 and TLS 1.1, are highly vulnerable to security breaches and will be disabled by Authorize.Net on February 28, 2018.
To help you identify if you’re using one of the older TLS protocols, Authorize.Net will temporarily disable those connections for a few hours on January 30, 2018 and then again on February 8, 2018.
Based on the API connection you are using, on either one of these two days you will not be able to process transactions for a short period of time. If you don’t know which API you’re using, your solution provider or development partner might be a good resource to help identify it. This disablement will occur on one of the following dates and times:
- Akamai-enabled API connections will occur on January 30, 2018 between 9:00 AM and 1:00 PM Pacific time.
- All other API connections will occur on February 8, 2018 between 11:00 AM and 1:00 PM Pacific time.
Merchants using TLS 1.2 by these dates will not be affected by the temporary disablement. It's strongly recommended that connections still using TLS 1.0 or TLS 1.1 be updated as soon as possible to the stronger TLS 1.2 protocol. If your current Virtual Point of Sale (VPOS) is an Authorize.Net product, please call Authorize.Net Customer Support at 1.877.447.3938 for assistance in updating to TLS 1.2.
Note: If you are not using a current version of a web browser, please take a few moments to upgrade it now. Browsers released prior to 2014 may not support TLS 1.2. You can check your browser's TLS support by visiting https://www.howsmyssl.com/.
If you have any questions about this email or the upcoming TLS disablement, please refer to our TLS FAQs.
USAePay is firmly committed to providing the highest level of security for merchants, developers, and partners. In 2015 the PCI Security Standards Council mandated that merchants discontinue the use of Transport Layer Security (TLS) 1.0 by June 2018. The TLS 1.0 encryption standard no longer meets minimum security requirement due to vulnerabilities in the protocol that cannot be fixed. It is critically important that all entities upgrade to a TLS 1.2+ and disable any fallback to TLS v1.0 as soon as possible.
USAePay will begin phasing out TLS 1.0 and 1.1 over the next few months:
- Sandbox (sandbox.usaepay.com): February 1st, 2018
- Secondary URLs (www-01.usaepay.com, etc): April 3rd, 2018
- Primary URLs (www.usaepay.com and secure.usaepay.com): May 15th, 2018
All merchants and developers are encouraged to migrate any outdated software as soon as possible. Please contact USAePay's Integration Support team at firstname.lastname@example.org for any questions regarding this transition.