Recently Authorize .net and 2Checkout Payment Gateway Companies Official email arrived saying something about security updates.
Similarly many of our clients received the email and approached us to investigate about the notice and required actions to take.
I am sharing the notice again that was sent by Authorize
In preparation for this requirement, Authorize.Net plans to disable TLS 1.0 and TLS 1.1 on the following dates:
Production: September 18, 2017
We have disabled the sandbox in advance of production to allow you and your developer time to test your website or payment solution and ensure you are no longer using TLS 1.0 or 1.1 prior to September 18th.
Please contact your web developer or payment solution provider, as well as your web hosting company, to confirm that they can support TLS 1.2 for your API connections.
Similarly we got notice from 2checkout
Dear Valued Merchant,
From protecting the identity of our Merchants to securing your customers’ transactions, our focus here at 2Checkout is to process your payments securely and efficiently while adhering to the latest changes and updates within the payments industry.
The Payment Card Industry (PCI) Security Standards Council (SSC) has released its latest data security standard (DSS) 3.1, which mandates all businesses move away from Secure Sockets Layer (SSL) web encryption because it’s no longer considered strong enough. Therefore, starting June 1, 2017, 2Checkout will no longer support SSL 3.0 and TLS 1.0. This means that all API requests, Vendor Admin sessions and standard checkout processes will need to use TLS 1.1 or TLS 1.2.
As a Merchant, please check to ensure your connectivity will not be affected – you may need to make updates to your servers, programming language and even the browser you are using immediately. Supported browsers are outlined below. For more details on this change, please check out this blog post.
The 2Checkout Sandbox environment, sandbox.2checkout.com, has already been changed to support only TLS1.1 and TLS1.2. Tests can be performed today with your shopping cart integration and API calls against that environment prior to the June 1st deadline.
Please check your system to see if any action is needed to support this update. Your applications may be unable to connect to 2Checkout services after the changes are implemented in production.
As always, you may reach us at email@example.com with any questions.
Thank you for your business,
So How to check if your site will be affected by Payment Card Security Standards update ?
How to check if your site still follows Payment Card Security Standards after TLS 1 and 1.1 loses support ?
Here in this article we are going to give you a simple way to check if your site needs an update or not.
Steps to follow.
- Open your website in Firefox.
- In the address bar you will see a Padlock, click on that.
3. Once you click a popup will show up , click on the right arrow shown on popup
4. Click on the more information button.
4. Now in the security tab you will be able to see if your site has TLS 1 or TLS 1.1 or TLS 1.2 or else.
Now as you have seen the Technical Details Of your website Connection.
If it is TLS 1 or TLS 1.1, your SSL needs update otherwise the Authorize.net or any other payment gateway notice is not for you.