May 30, 2018
Changes to PCI Compliance are Coming June 30. Is Your Ecommerce Business Ready?
In 2015, the Payment Card Industry Security Standards Council updated the PCI Data Security Standard (PCI DSS) so that SSL and early TLS no longer count as strong cryptography for protecting cardholder data. For years SSL and TLS 1.0 were considered good enough, but as practical attacks against them matured the industry has been forced to adapt. To that end, ecommerce sites and businesses using online payment gateways must move to TLS 1.1 or better (TLS 1.2 is strongly recommended) by June 30, 2018 or risk losing their ability to take credit card payments.
You may be scratching your head wondering what all this means. Here is a quick breakdown for you. SSL (Secure Sockets Layer) and Transport Layer Security (TLS) have long been the cryptographic protocols used to secure the conversation between two systems (e.g. a web server and a web browser such as Chrome, Safari or Internet Explorer). In layman's terms, SSL and TLS encrypt the credit card and customer information passed between the server and the browser, and protect it from being tampered with in transit. SSL (the last version being SSL 3.0) has been considered insecure since 2014, when the POODLE attack was published. TLS 1.0 was released in 1999 and replaced SSL as the standard for encrypting data sent across the web, but TLS 1.0 has now aged out too, which is why the requirement is TLS 1.1 or higher.
So now that you know the history, what can you do to prepare your ecommerce website for the change? Unfortunately, this answer isn’t as simple as “switch and you’re done.” When migrating to TLS 1.1, or the preferred TLS 1.2, here are a few things to take into consideration:
- Make sure the server your site is hosted on, and the web server software running on it, support TLS 1.1 and 1.2. For example, Windows Server 2003 and older cannot speak TLS 1.1 or 1.2 at all; Windows Server 2008 and 2008 R2 can, but only after the protocols are explicitly enabled (and, on 2008 without R2, after a Microsoft update is installed); Windows Server 2012 and later have them on out of the box. Windows Server 2012 R2 or newer is your best bet, as it is likely to satisfy future PCI standards longer and require fewer updates on your part. Do not forget the other direction either: the code on your server that sends transactions to the payment gateway must also be able to speak TLS 1.1 or 1.2 (an application on .NET Framework 4.5 or older, for instance, uses TLS 1.0 unless configured otherwise), because many gateways are switching TLS 1.0 off on the same schedule.
- Ensure the server no longer accepts SSL 2.0, SSL 3.0 or TLS 1.0 at all, rather than merely preferring the newer versions: a client that can only speak TLS 1.0 must be refused, not accommodated. Turning TLS 1.2 on does not by itself turn the old protocols off, so once you have migrated, test from outside the server with a protocol scanner (the free Qualys SSL Labs test, or openssl s_client with its -ssl3 and -tls1 options against your host) and keep the report as evidence for your PCI assessment. You and your hosting company need to be thorough and diligent here.
- Communicate with your customers. Not everyone has an up-to-date operating system or browser, and a browser that cannot negotiate TLS 1.1 or 1.2 (Internet Explorer on Windows XP is the classic example) will fail to connect to your site after June 30: the customer sees a connection error rather than your store. A simple email explaining that you have moved to the current data encryption standard tells your customers that you take their security seriously, and it also explains why they may no longer be able to reach your site if they are still on Windows XP (yes, there are still some out there).
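The two server-side steps above (enable TLS 1.1/1.2, refuse SSL and TLS 1.0, then verify from outside) can be scripted on a Windows Server. The script below is an added example written for this article, not configuration from NewtekOne or from any hosting provider; it uses Microsoft's documented SCHANNEL registry layout (Protocols\<name>\Server and \Client with the Enabled and DisabledByDefault DWORDs) and the .NET SchUseStrongCrypto setting. The hostname shop.example.com is a placeholder assumption, as is the choice to keep TLS 1.1 enabled for legacy clients.

```powershell
# Added example: harden SChannel on Windows Server 2008 R2 / 2012 / 2012 R2 so the server
# refuses SSL 2.0, SSL 3.0 and TLS 1.0 and offers TLS 1.1 / 1.2, then check a site from outside.
# Run in an elevated PowerShell session; a reboot is required before SChannel picks up the change.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)][string]$Name,     # e.g. 'TLS 1.0'
        [Parameter(Mandatory)][bool]$Enabled
    )
    # Each protocol has a Server key (what the site accepts) and a Client key (what the
    # server uses when it calls out, e.g. to the payment gateway). Set both.
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $base "$Name\$side"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $value = [int]$Enabled   # 1 = enabled, 0 = disabled
        New-ItemProperty -Path $key -Name 'Enabled'           -PropertyType DWord -Value $value       -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value (1 - $value) -Force | Out-Null
    }
}

# Refuse the protocols PCI DSS no longer treats as strong cryptography.
'SSL 2.0', 'SSL 3.0', 'TLS 1.0' | ForEach-Object { Set-SchannelProtocol -Name $_ -Enabled $false }
# Offer TLS 1.1 and TLS 1.2 (TLS 1.2 is the one to prefer; 1.1 kept here only as an assumed
# concession to legacy clients and can be disabled the same way).
'TLS 1.1', 'TLS 1.2'            | ForEach-Object { Set-SchannelProtocol -Name $_ -Enabled $true }

# .NET Framework 4.x applications (your checkout code talking to the gateway) on older
# frameworks still default to TLS 1.0; SchUseStrongCrypto makes them use TLS 1.1 / 1.2.
foreach ($net in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    if (Test-Path $net) {
        New-ItemProperty -Path $net -Name 'SchUseStrongCrypto' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Verification: attempt a handshake restricted to exactly one protocol version.
# Run this from a different, up-to-date machine so the client side is not the thing under test.
function Test-TlsVersion {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [Parameter(Mandatory)][System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate: we are testing the protocol version, not the chain.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        return $true     # server completed a handshake at this version
    } catch {
        return $false    # server refused this version
    } finally {
        $client.Close()
    }
}

$site = 'shop.example.com'   # placeholder: use your own storefront host
foreach ($p in 'Ssl3', 'Tls', 'Tls11', 'Tls12') {
    $ok = Test-TlsVersion -HostName $site -Protocol ([System.Security.Authentication.SslProtocols]$p)
    '{0,-6} {1}' -f $p, $(if ($ok) { 'ACCEPTED' } else { 'refused' })
}
# A compliant result is Ssl3 and Tls refused, Tls11 and Tls12 accepted.
```

The registry half of the script is idempotent, so it can be re-run after every patch cycle to confirm nothing re-enabled TLS 1.0. The check half depends on the testing machine's .NET Framework exposing the Tls11 and Tls12 enum values (4.5 or later); a refused Tls12 from an old test client says nothing about the server. Treat the script's output as a first check and the external scanner report mentioned above as the evidence you keep.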
With June 30 rapidly approaching, time is of the essence to start migrating to TLS 1.1 or 1.2. If you haven't already, reach out to your web hosting company to discuss the steps needed to get your online payments compliant before the deadline. If you haven't thought about your website or how you take payments in a while, now may be a great time to talk with the experts at NewtekOne for a review. Give them a call today at 1.877.323.4678, option 2.