The transition to TLS in payments for PCI compliance

PCI SSC has officially announced the postponement of the deadline for the use of the insecure SSL cryptographic protocol from June 2016 to June 2018. The decision was made in response to requests from industry representatives and experts in the information security community.


“The first reviews have shown that the transition to more secure encryption is technically simple, but its practical implementation in businesses had many problems, voiced during the dialogue with sellers of services, processing companies and banks,” said Stephen Orfei, head of PCI SSC.


“We want to protect payment service providers from data theft, but not at the cost of lost business; therefore, we decided to change the date,” said Orfei. “The global payments ecosystem is very complex, especially regarding the increased use of mobile devices for business.

“Consideration of the new requirements imposed by mobile phones, in addition to the SHA-1 browser upgrades and the transition to EMV cards in the US, is a very large amount of tasks. Therefore, it is necessary to give more time to implement the new industry standard. We are working with the industry at all levels of the ecosystem, making every effort to beat the bad guys who want to crack the cryptography.”

The previous deadline for migration to TLS 1.1 or higher, June 2016, was set in the latest version of PCI DSS (3.1), published in April of this year. The new deadline will be included in the next version of the industry standard, which is expected to be released next year.

“Some organizations specializing in the protection of electronic payments have thousands of customers around the world, with different SSL and TLS settings,” said Troy Leach, CTO of PCI SSC.



“The migration deadline will be changed in the new version of the standard, planned for next year, so that these companies and their customers can meet the deadline. Other related provisions will also be changed, to provide strong encryption for all future customers. Nevertheless, we urge organizations to make the transition as soon as possible. Timely application of software patches is an important element of information security.”
