It’s only the third month of 2018, which probably means many merchants might not yet be thinking about what’s coming around the corner this summer. For those who are unaware, there is one significant date to have on your calendars.
July 1, 2018: The TLS changeover deadline.
Just as merchants rush to get their heads wrapped around Payment Card Industry (PCI) compliance standards, there is another security concern they must get on board with. TLS, short for Transport Layer Security, is an encryption protocol that’s part of the next wave of PCI compliance. The TLS changeover replaces the TLS 1.0 security protocol, which is out of date for today’s payment security needs.
TLS, as it’s commonly called, is a cryptographic protocol used to establish a secure payment connection channel between two systems. This is used in authenticating a purchase and fully protecting the credentials of all parties involved in the payment process. This protocol has undergone many revisions over the past few years and is ready for a reboot.
How Can Merchants Prepare for the TLS Deadline?
Merchants don’t want to wait until the last minute to follow this security compliance requirement. Those who fail to make the switch won’t be able to process transactions starting July 1. To see if an update is needed, merchants should consult their POS provider, along with their e-commerce and payment processing partners.
Left unaddressed, this will not only hinder a merchant’s ability to conduct business but also leave their organization at risk of being breached. The upgraded TLS protocol provides better encryption standards to thwart third-party hacker threats. Since this compliance requirement is linked to a merchant’s ability to protect its POS, it’s up to merchants to work with their terminal providers to ensure that their hardware and software are up to date with the latest security requirements.
Since any compliance switchover can come with some hiccups, merchants should prepare by acting early to avoid payment processing delays. Not switching before the deadline will cause massive delays in processing, which can cut deep into your bottom line.
What’s the Reason For the TLS Switch?
This security switchover may seem like just another big headache for merchants. Rest assured, TLS 1.0 is out of date, which means merchants should act as fast as they can to ensure their systems are up to speed. Hackers have already found ways to exploit old security protocols, which is why there has been such a strong deadline placed on this new encryption standard.
What merchants should know about the TLS switch is that it is designed to provide extra layers of security to keep their customer details, and their own business internal details, safe from outside threats. This is a critical part of the payment chain in today’s breach-filled world where POS attacks are all too common. This is also an important step in maintaining a positive relationship with payment issuing partners.
While it may seem like an overly complex task, merchants who act fast have the benefit of ensuring their systems are fully protected. Those who don’t act swiftly risk straining their relationships with their payment industry partners, as well as their customers. That’s a lose-lose situation for merchants. Merchants who are proactive about the TLS switch can rest easier at night knowing their customers — and their profits — are safe.
What Else Do Merchants Need to Know about the TLS Switch?
Making the TLS switch is also about understanding what protocol is the most secure. Industry recommendations suggest that before the July 1 deadline merchants work with their POS and e-commerce partners to implement TLS 1.1 or higher (TLS v1.2 is encouraged).
The merchants most susceptible to TLS vulnerabilities are merchants who conduct business and accept payments online. E-commerce merchants are most at risk because of how data is transferred to an online payment environment. Businesses should ensure their payment solution providers can provide them with:
- The ability to migrate to a minimum of TLS 1.1, with a preference for TLS 1.2
- Patches for TLS software against implementation vulnerabilities
- A secure method for configuring TLS, with support for future versions
- The ability to provide PCI SSC resources that can help with a smoother migration
Is your business still using the early TLS protocols? If you aren’t sure, reach out to your POS and e-commerce solution providers today to ensure you are up to date with the requirements for the July 1 TLS deadline.