Skip to content

Millions Of Merchants May Fail To Meet The Security Deadline

While an overwhelming number of retailers in the United States are still pacing the shift to the use of EMVs, another persuasive tech has hit the market. Most retailers are still lagging behind as they should have ditched the use of TLS 1.0 as their primary transaction security protocol which is set to expire in around ten months. Failure to take action may leave you incapable of processing transactions.

If you are counting on the1.0 version of Transport Layer Security (TLS) to encrypt your payment method, then it’s time to upgrade. Hackers have taken advantage of it that the Payment Card Industry has determined to withdraw support for the 1.0 version of TLS on June 30, 2018.

The only intelligent move any merchant can make is to change over to either of the two new versions, TLS 1.1 or TLS 1.2 which should be quite simple. However, merchants who use outdated computer hardware and Windows 7. And according to Dom Lachowicz, the vice president of engineering at Cayan, most retailers will have to make significant changes in their e-commerce operations in preparation for next July.

Cayan, one of the leading payment technology providers, approximated that about 60% of all retailers are still using the obsolete version, TLS 1.0. And merchants who don’t upgrade to recent versions by 2018’s deadline could record losses to the tune of billions.

Right now Cayan is notifying merchants to assess their systems and make the necessary changes in time. Major payment providers like EMB are also working with retailers to create awareness about the upgrade.

Small merchants will still face major challenges, but established merchants may also need to add in significant elements to root out outdated operating systems that are not compliant with TLS 1.1 and 1.2. Despite the fact that bigger companies have an advantage over SMBs, the pressure is the same, and if they don’t act fast, many will be caught up in the last minute rush.

TLS whose original version was introduced in 1999 to take over Secure Socket Layer and its 1.1 version was supported by the PCI council after which1.2 superseded more than a decade ago. The latest version TLS 1.3 is currently in draft form and is not yet commercially available.