TLS 1.2 Update


The PCI (Payment Card Industry) Council has declared that encryption protocols of SSL and TLS 1.0 should no longer be used in secure environments.


In response to this, PayFabric will be updated to only support communication using the TLS 1.2 encryption protocol on June 13th, 2018 [Completed].


To avoid any interruption with transaction processing, merchants should verify with their application vendor(s), developer(s) and/or IT provider(s) to ensure systems that connect to PayFabric support the TLS 1.2 Encryption Protocol. As some systems may require an update to support the TLS 1.2 Encryption Protocol, it is recommend to verify all systems in the merchant environment are ready for the change as soon as possible.

Frequently Asked Questions

When is the deadline for TLS Update with PayFabric?

The deadline for PayFabric Sandbox (https://sandbox.payfabric.com) will be August 2nd, 2017 and for PayFabric Production (https://www.payfabric.com) will be June 13th, 2018 [Completed].

What is SSL/TLS?

Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between systems.

What are the SSL/TLS Vulnerabilities?

Because of its widespread use online, SSL and early TLS have been targets by security researchers and attackers. Many vulnerabilities in SSL and early TLS have been uncovered over the past 20 years such as the POODLE and Heartbleed vulnerabilities. These vulnerabilities are not able to be fixed through security patches and the only way to avoid these vulnerabilities is to abandon the older encryption protocols entirely.

What steps should I take to ensure my company is not using the insecure encryption protocols?

Work with your IT team to ensure the insecure protocols are disabled in your environment. There are likely many different systems in place that may need to be updated to utilize TLS 1.2.

How does this change affect my PCI Compliancy?

If your organization has not migrated to the secure encryption protocols before June 30th, 2018, your company will need to prepare a risk mitigation and migration plan to address the migration to the secure protocols during your next PCI audit.


For more information on migrating away from the insecure encryption protocols of SSL and early TLS, please review the document prepared by the PCI-SSC here.