What is PCI?
PCI is a standard set out by the major credit card brands and run by a council they set up called the Payment Card Industry Security Standards Council. It was established to give greater control over cardholder data in an attempt to reduce fraud.
What is SSL/early TLS?
Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure link between two computers. It authenticates the computers and protects the data sent between the two systems. It was originally developed as SSL by Netscape in the early 90s. TLS 1.0 was launched in 1990. So, as you can imagine, it’s got more holes in it than some Swiss cheese. It’s now beyond patching, so people need to stop using it.
What’s changing with PCI?
On the 30th of June this year, the PCI council is going to reject any payments attempted via the not very secure TLS 1.0 encryption standard.
Dean Luxton, one of our engineers, says:
"Stop using TLS 1.0 and 1.1. Only use TLS 1.2 which has a much higher level of encryption. Take steps towards ensuring AEAD ciphers are in use as they will soon become the standard. (AEAD ciphers are the only ones with no known vulnerabilities)."
In short, upgrade your TLS now.
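One way to check that advice in code, as an added example that is not part of the original post: it builds Python `ssl` server contexts and audits them for a TLS 1.2 floor and AEAD-only cipher suites. The cipher strings and the function names are assumptions chosen for illustration.

```python
import ssl

# Assumed policy taken from the advice above: TLS 1.2 floor, AEAD suites only.
AEAD_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL"  # OpenSSL cipher string (assumption)
LEGACY = "ECDHE+AES:AES:!aNULL"                   # constructed weak setting: CBC suites allowed


def make_context(min_version, cipher_string):
    """Build a server-side context with the given protocol floor and suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = min_version
    ctx.set_ciphers(cipher_string)
    return ctx


def audit(ctx):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"protocol floor is {ctx.minimum_version.name}, want TLSv1_2")
    # get_ciphers() reports, per enabled suite, whether OpenSSL treats it as AEAD.
    for suite in ctx.get_ciphers():
        if not suite["aead"]:
            findings.append(f"non-AEAD suite enabled: {suite['name']}")
    return findings


def hardened_context():
    return make_context(ssl.TLSVersion.TLSv1_2, AEAD_ONLY)


def legacy_context():
    # The "before" configuration: still accepts TLS 1.0 and CBC-mode suites.
    return make_context(ssl.TLSVersion.TLSv1, LEGACY)


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()),
                       ("hardened", hardened_context())):
        findings = audit(ctx)
        print(f"{label}: {len(findings)} finding(s)")
        for line in findings:
            print("  -", line)
```

The audit inspects the local context only; a live endpoint still has to be tested from the outside to confirm what it actually negotiates.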
Tools for testing configuration