Home Validation The transition to the use of TLS in payments for compliance with the PCI

The transition to the use of TLS in payments for compliance with the PCI

Posted on by editor

PCI SSC has officially announced the postponement of the deadline for the use of unsecure cryptographic SSL protocol with the June 2016 to June 2018. The decision was made in response to requests representatives of industry and information security community experts.

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

pcidss

“The first reviews have shown that the transition to a more secure encryption is technically simple, but in the practical implementation in businesses had many problems voiced during the dialogue with sellers of services, processing companies and banks”, – said Stephen Orfei, head of PCI SSC.

stephen

“We want to protect the payment service providers from the data theft, but not by the cost of loss of business, therefore, we decided to change the date, – said Orfei. – Global payments ecosystem is very complex, especially regarding the increased use of mobile devices for business.

Consideration of the new requirements imposed by mobile phones, in addition to the upgrade SHA-1 browsers and the transition to EMV-cards in the US – this is a very large amount of tasks. Therefore, it is necessary to give more time to implement the new industry standard. We are working with the industry at all levels of the ecosystem, making every effort to beat the bad guys who want to crack the cryptographic. ”

The previous deadline for migration to TLS 1.1 or higher – June 2016, – has been fixed in the latest version of the PCI DSS (3.1), published in April of this year. The new deadline date will be included in the next version of the industry standard, which is expected to be released next year.

“Some organizations specializing in the protection of electronic payments, has thousands of customers around the world, with different settings SSL and TLS, – said Troy Leach, CTO of PCI SSC.

troyleach

Troy Leach

Limited migration date will be changed in the new version of the standard, planned for next year, so that these companies and their customers had to meet the deadline. It will also change other related provisions, to provide strong encryption for all future customers. Nevertheless, we urge the organization to make the transition as soon as possible. Timely application of software patches – an important element of information security. “

Related posts:

  1. PCI DSS 3.2: what you need to remember?
  2. How exactly will be called the next version of the TLS?
  3. The main problems associated with the transition to HTTPS
  4. Google refused to trust certificates WoSign and StartCom
  5. CloudFlare insists on encryption
  6. Certificates Transparency: what you should know about it
  7. Which fields includes the certificate?
  8. Symantec SSL Certificates displays error due to a bug in Chrome
  9. TLS-encryption of e-mail client
  10. Comodo is trying to get the brand Let’s Encrypt

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

Posted in Validation, Vulnerabilities Tagged with: , , , , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.