RETAIL PRO COMMUNITY RESOURCES
Preparing For TLS 1.0 Sunset
The PCI Software Security Council has played a significant part in keeping payments safe for a long time, and now it is taking the steps to retire older encryption protocols across the industry to stay in tune with the times. Older technology, including Transport Layer Security (TLS) 1.0 and Secure Sockets Layer (SSL), are no longer considered to be strong cryptographic protocols and are headed for retirement. In the PCI 3.2 standard, the PCI SSC has mandated that by June 2018, retailers and service providers must adopt newer versions of the TLS cryptographic standard, and waiting is not recommended.
The new PCI standard mandates that:
- All processing and third party entities – including Acquirers, Processors, Gateways and Service Providers - must provide a TLS 1.1 or greater service offering by June 2016.
- Consistent with the existing language in PCI DSS v3.1, all new implementations must be enabled with TLS 1.1 or greater. TLS 1.2 is recommended.
- All entities must cutover to use only a secure version of TLS (TLS 1.1 or greater) effective 30 June 2018.
While some payments providers or stored value/gift card providers may choose to discontinue support for TLS 1.0 on their own schedules, all providers will adhere to Security Council’s mid-2018 deadline requirement. Retail Pro’s US payments partner Cayan has made preparations in advance of these cut-over dates, and already uses TLS 1.2 when communicating with all of its payments partners.
Retail Pro International has already made necessary modifications to Retail Pro products to ensure Retail Pro users will have ample time to make a smooth transition. Once validated and certified via Cayan, Retail Pro users will need to adopt the compliant version of Retail Pro by June 2018.
Even though the migration deadline is still over 10 months away, retailers should plan their technology updates in advance. Software updates are free for retailers with a current Retail Pro Software Assurance maintenance plan. Please contact your Retail Pro Business Partners to renew your plan, inquire about service costs to install the update, and/or to plan for all necessary migration preparations.