Merchants Not Ready for TLS

Most merchants are still relying on the 1.0 version of Transport Layer Security, but the PCI council plans to drop support for that version in mid-2018.

ISO & Agent - SECURITY | COMPLIANCE - BY KATE FITZGERALD

Plenty of U.S. merchants still working to complete their migration to EMV now have another high-pressure technology hurdle to worry about: Most are still using a core transaction security protocol set to expire in the next 11 months, and if they don’t take appropriate action they’ll be unable to process transactions.

Most merchants are still relying on the 1.0 version of the payment encryption method known as Transport Layer Security (TLS), but hackers have so thoroughly exploited it that the Payment Card Industry is withdrawing support for that version on June 30, 2018, and processors will follow suit immediately.

Switching to one of two more recent supported versions of the encryption protocol—either TLS 1.1 or TLS 1.2—should be relatively simple. But many merchants are held back by their use of older computer hardware and Windows operating systems prior to Windows 7.

Payments technology provider Cayan estimates that about 60% of all merchants are still relying on the older version, TLS 1.0, and potential losses to merchants that don’t make the upgrade to newer versions by next year’s deadline could run into the billions.

“We’ve measured our own merchants’ exposure and presently about 55% of Cayan merchants are using the older version and will need to make some kind of change within the coming months to avoid losses,” said Dom Lachowicz, senior vice president of engineering at Boston-based Cayan.

Cayan recently stepped up its program to notify merchants of the need to assess existing systems to make changes in time, according to Lachowicz. Other major payments providers including Elavon and Chase Merchant Services also said they are working closely with merchants to drive awareness.

“We’re finding that lots of merchants are going to need to make very substantial changes in their storefront and e-commerce operations to be ready for next July,” Lachowicz said.

For large merchants with more complex, integrated POS systems that leverage older, out-of-date operating systems, necessary upgrades could cost “hundreds to thousands of dollars per lane,” Lachowicz said.

“About 55% of Cayan merchants are using the older version [of TLS] and will need to make some kind of change within the coming months,” said Dom Lachowicz, SVP of engineering at Cayan.
