Credit Card Security – What You Need to Know About the TLS Update
SiteLink StandAlone, PCI requirements and staying ahead of the hackers
Threats to data security are becoming more common and sophisticated. Attackers are getting better at avoiding detection, and the rise in the sheer number of devices connected to the Internet make it statistically easier to find a point of weakness. Hackers are sure to be continuously looking for ways to infiltrate security protocols, and businesses need to do what they can to protect sensitive and valuable information.
New security protocols mandated
You may have recently been required to update your SiteLink StandAlone software to accommodate new security protocols. Or, you may have found that credit card payments suddenly don’t work at your facility. This is probably because the Payment Card Industry (PCI) rolled out new security protocol requirements for merchants who store or transmit sensitive information like credit card numbers over the Internet.
These new Payment Card Industry Security Standards Council (PCI SSC) requirements state that all payment systems must disable earlier versions of TLS security protocols and transition to TLS version 1.1 or preferrably 1.2. Older protocols (SSL and TLS 1.0) are highly vulnerable to security breaches.
What is TLS?
Transport Layer Security (TLS) is a set of rules, or protocol, that encrypts and authenticates Internet traffic between 2 systems, essentially making the transaction “confidential” and secure. Merchants who transmit sensitive information (i.e. credit card info) over the Internet rely on TLS to send this data securely. This set of rules was originally developed as Secure Sockets Layer (SSL) by Netscape in the early 1990s.
Weaknesses in early TLS and SSL
As eCommerce grew, hackers took advantage of vulnerabilities in early TLS/SSL and sensitive information was at times exposed. The POODLE attacks and Heartbleed bug are a couple of examples of how hackers exploited these weaknesses. With POODLE, attackers were able to gain access to passwords and other authentications to gain more complete access to a user’s private account data on a website. With Heartbleed, attackers could “trick” a web server into sending passwords, usernames and other sensitive data. Both were results of vulnerabilities in SSL/TLS or the implementation of the protocols.
In response to these known attacks and to ward off potential new ones, PCI and the Internet Engineering Taskforce (IETF) improved security with major upgrades to TLS protocol -TLS v1.1 and 1.2, stating that “the existence of the POODLE and Heartbleed exploits, among others, prove that anyone using SSL and early TLS risks being breached.” According to PCI, the best way to protect against today’s threats is by migrating to newer versions of TLS.
Who is affected by this change?
Self-storage operators who take credit cards in our StandAlone product (Web Edition is not vulnerable) need to be aware of these new requirements. SiteLink has notified its customers using SiteLink StandAlone software that they may need to update their software. If you’re using StandAlone, you may have received a postcard mailer, email or phone call regarding this issue. It needs to be addressed or your payment processing will simply stop working. Some payment gateways have already disabled access to less secure software and all of them will be doing so very soon. For example, Authorize.Net temporarily disabled connections to older TLS protocols for a few hours to help their customers identify issues on January 30, 2018 and again on February 8, 2018 with permanent disconnection Feb 28, 2018. The final deadline to comply is June 30, 2018.
What you need to do
If you’re using SiteLink StandAlone, you may need to take action. StandAlone was upgraded last year to version 4.24, which accommodates TLS version 1.2. Verify you are running version 4.24. If you aren’t, you’ll need to update for credit card payments to work.
If you are using SiteLink Web Edition, you don’t have to do anything. SiteLink has already ensured that the Web Edition and myHub you use every day to process credit cards is accommodating TLS 1.2.
Benefits of subscription software
Technology is constantly evolving, and updates – including ones involving security protocols – are inevitable. If you don’t want your business negatively affected by these issues, upgrading to SiteLink Web Edition is a great option. Cloud-based subscription models like Web Edition have many benefits to the consumer, one of the most important is providing all customers real-time updates that correct vulnerabilities such as TLS. SiteLink automatically updates the software in the cloud for you at regular intervals or as necessary.
With new vulnerabilities being identified daily, it’s important to take steps to ensure your data is safe. Cybercrime is on the rise, affecting more and more businesses and consumers alike. Some experts believe that SSL/TLS targeted attacks are increasing because of improved data encryption processes. In any case, you can be sure hackers are working very hard to find new ways to steal data—so be sure to partner with companies that prove they take data security seriously.
Credit Card Security – What You Need to Know About the TLS Update Comments
Share your thoughts and comments about the SiteLink news article, Credit Card Security – What You Need to Know About the TLS Update, we look forward to the conversation.
Related SiteLink News
Check out other SiteLink news articles related to Credit Card Security – What You Need to Know About the TLS Update.
Real-time SiteLink Services Status Enhances Communication
At the rare times there are issues preventing the optimal functionality of SiteLink’s products or services, the new status system ensures users have the most up-to-date information about current problems and known issues with SiteLink Software.
Six Questions to Ask During a Self-Storage Facility Audit
Performing a self-storage facility audit is a very important task for any owner to ensure that operations are running smoothly and according to set policies and procedures. Audits should be performed periodically and without notice to ascertain a wide range of operational deficiencies; sometimes the result of theft.
Filter SiteLink News
Search news by category tags and find the information most important to you.
Sign Up For Notifications
Register to be notified by a variety of SiteLink and Industry emails and announcements.Manage Email Preferences
Top SiteLink News Posts
StorageForum is here! Designed as a place to ask questions, share knowledge and talk about SiteLink ...
SiteLink marks a new milestone with the rapid adoption of its free, built-in eFile Management now st...
Mini-Storage Messenger announced their 2016 Facility of the Year Award winners and two of the five w...