Is Online Encryption Changing?


Last October, we shared seven different tips for National Cyber Security Awareness Month. One of the tips was to utilize encryption. We explained that point-to-point encryption is the current standard for ensuring that credit card data is fully encrypted all the way from submission through payment processor receipt.

Because strong encryption is absolutely essential for protecting online payment data, a mandatory upgrade is being rolled out in the coming weeks. This upgrade is being handled by the Payment Card Industry Security Standards Council. The new encryption standard they’re implementing is known as Transport Layer Security 1.2.

More Details About This Encryption Update

The existing standard that many e-commerce platforms and providers have been using is Transport Layer Security 1.0. This standard has been around since 1999, which means hackers have had plenty of time to study and exploit it. In fact, a number of vulnerabilities discovered back in 2014 allowed attackers to fully decrypt network traffic protected by TLS 1.0. These vulnerabilities revolve around fundamental protocol design issues, which is why upgrading, rather than simply trying to patch the problem, is so important.

The biggest reason businesses need to comply with this update is that it's the best way to protect their own data as well as their customers' data. Not following through with the upgrade can create a huge liability for any business that transacts online. Another reason is that, as different services drop support for TLS 1.0, parts of a website or online software that a business relies on will break if they have not been upgraded to a newer version.

What Does This Online Encryption Change Mean for Your Business?

Although June 30th is the official date of this change, the good news is it’s unlikely to cause any significant problems for online merchants or consumers. The main reason is this transition has been taking place for some time. For example, Stripe already dropped support for both TLS 1.0 and 1.1 earlier this month. And for any affected merchant, all that needed to be done was a simple OpenSSL upgrade by their tech team or hosting provider.
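Before TLS 1.0 and 1.1 are switched off on your own endpoints, it helps to know which clients still negotiate them. The following is an added example, not part of the original post: it assumes an nginx access log whose `log_format` ends with `$ssl_protocol $ssl_cipher`, and the log lines, IP addresses and user agents are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed nginx log_format (an assumption, not from the original post):
#   '$remote_addr [$time_local] "$request" $status "$http_user_agent" $ssl_protocol $ssl_cipher'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'"(?P<agent>[^"]*)" (?P<proto>\S+) (?P<cipher>\S+)$'
)

# Protocol versions below the TLS 1.2 minimum, as nginx writes them in $ssl_protocol.
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample log lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = """\
203.0.113.10 [25/Jun/2018:10:01:02 +0000] "POST /checkout HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0)" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
198.51.100.7 [25/Jun/2018:10:01:09 +0000] "POST /api/orders HTTP/1.1" 200 "legacy-pos-client/2.3" TLSv1 AES128-SHA
198.51.100.7 [25/Jun/2018:10:02:11 +0000] "POST /api/orders HTTP/1.1" 200 "legacy-pos-client/2.3" TLSv1 AES128-SHA
192.0.2.44 [25/Jun/2018:10:03:30 +0000] "GET /cart HTTP/1.1" 200 "Mozilla/5.0 (Android 4.3)" TLSv1.1 ECDHE-RSA-AES128-SHA
this line is malformed and must be skipped
203.0.113.10 [25/Jun/2018:10:04:00 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0)" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
"""

def audit(log_text):
    """Return (requests per protocol, legacy clients keyed by (ip, agent), skipped line count)."""
    per_proto = Counter()
    legacy_clients = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # unparseable lines are counted, not silently dropped
            continue
        proto = m["proto"]
        per_proto[proto] += 1
        if proto in LEGACY:
            legacy_clients[(m["ip"], m["agent"])][proto] += 1
    return per_proto, dict(legacy_clients), skipped

if __name__ == "__main__":
    per_proto, legacy, skipped = audit(SAMPLE_LOG)
    print(f"{sum(per_proto.values())} requests parsed, {skipped} skipped")
    for (ip, agent), protos in sorted(legacy.items()):
        for proto, n in protos.items():
            print(f"would break after cutoff: {ip} {agent!r} {proto} x{n}")
```

Clients listed by the audit are the ones to contact or upgrade before the older protocol versions are disabled.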

If you have any specific questions about how your business may be affected by this change, contacting your payment processor is the best way to get an answer. In the event they aren’t able to answer your question in a timely manner, it’s a strong indication that your business will greatly benefit from choosing a new payment processing company.

Posted on Wednesday, July 25th, 2018