As stakeholders in the payments industry, we have all known for a long time that SSL and Early TLS are not secure. But are you up-to-date on the latest developments regarding migration to new systems?
In this article the Paydoo team will take a look at the context surrounding the issue and provide you with the latest news and next steps you should take to keep your business as safe as possible from data breaches.
The very high profile news surrounding the discovery of the “Heartbleed” bug in April 2014 opened the world’s eyes to cybersecurity concerns, and The Payment Card Industry Security Standards Council (PCI SSC) were quick to react when they published published the Migrating from SSL and early TLS Information Supplement one year later
This document is filled with key information. It also provides excellent guidance on steps that can be taken by large and small merchants alike to combat cybersecurity threats posed by the weaknesses in the SSL and Early TLS security technologies.
In this document, The PCI SSC marked the 30th June 2016 as their deadline for migration to new systems. But this deadline was changed in December 2015 - let’s take a look at why, what you can do to meet this deadline and why you do not want to wait until the last moment.
A New Deadline
In December 2015, The PCI SSC changed the migration deadline to 30th June 2018. This decision was taken after consultation with the marketplace in order to give businesses additional time to migrate to new protocols.
This extra time will indeed allow many stakeholders to update their security technology offering, but is is highly advisable for migrations to be made as soon as possible given the evident weaknesses in SSL and Early TLS technologies.
Of course, Paydoo experts are available to discuss your migration activities at your convenience. Contact us today at [email protected].