Industry Mandated SHA/TLS Updates

SHA-2/TLS 1.2

SHA-2/TLS 1.2

More than likely, your merchants have received letters from their banks/processors notifying them of Security Updates, Shut-Off Dates, and Required Action Steps. These notifications are unique and independent of EMV standards. Failure to prepare won’t result in a shift in liability; it will result in a complete disruption of service. Please read below to ensure that you and your merchants are prepared to avoid a shut-down in processing.
 

What is this all about?

The entire industry is shifting to newer security protocols. Previously used SHA-1 and TLS 1.0/SSL 3 have proven to be vulnerable to certain attacks. SHA-1 certificates are scheduled to expire and processors are migrating to SHA-2 and TLS 1.2. Deadlines vary by processor and are subject to change at their discretion.
 

What do I need to do?

Datacap has been updating our payment applications since we learned of the planned changes. See below to see if your merchants will be affected.
 

For NETePay™ Users:

Version 5.05 and above installed after February 1, 2015

  •  No Action Required

Version 5.05 installed before February 1, 2015

  • Close the batch, Uninstall NETePay, and re-install version 5.05.05 (no upgrade fees)

Versions Below 5.05

  • Upgrade to latest version of NETePay via PSCS. Standard Upgrade Rates Apply

 

For Tran™ Users:

Software Version 3.83

  • No Action Required

Software Version 3.82 and below

  • Upgrade to latest Application via PSCS. Standard Upgrade Rates Apply

Processor-Specific Deadlines:

First Data: December 28, 2016

Global Payments US: December 31, 2016

TSYS: January 17, 2017

Chase Paymentech: May 31, 2017

Elavon: December 31, 2017

Heartland: March 31, 2018

These deadlines are mandated by each processor and the listed dates are liable to change at their discretion. Failure to update may result in a processing shutdown for the affected merchants.

For more information, 


Related Articles: