TLS 1.2 Compliance

by Jackie Hollenkamp Bentley

By now iCheckGateway.com‘s customers have received their billing statements along with a notice that, as of July 1, 2017, we are no longer supporting TLS 1.0 or 1.1 over HTTPS and that any older browsers or API clients that do not support TLS 1.2 will no longer work.

So, is this cause for panic? Certainly not. What this actually means is higher security standards for clients and customers when initiating and processing credit card transactions over the internet, thereby engendering a solid sense of trust and integrity for iCheckGateway.com‘s clients and service providers.

So, what exactly IS TLS 1.2? To oversimplify, it’s a security measure that protects sensitive information (i.e. credit card transactions) as it’s transmitted from one person’s computer/app/website to another.

For the tech-savvy, Microsoft (https://technet.microsoft.com/en-us/library/cc784450(v=ws.10).aspx ) gives a more detailed explanation:

“In the authentication process, a TLS/SSL client sends a message to a TLS/SSL server, and the server responds with the information that the server needs to authenticate itself. The client and server perform an additional exchange of session keys, and the authentication dialog ends. When authentication is completed, SSL-secured communication can begin between the server and the client using the symmetric encryption keys that are established during the authentication process.”

With all that being said, what does this mean for the iCheckGateway.com customer? Per mandates by the PCI Security Council (Payment Card Industry Security Council), web browsers must support the latest security protocols established with TLS 1.2 or those sites will no longer work. (Ever surf the web and land on a page that says “The site’s security certificate has expired or is not valid” or any other “Error” warnings?).

Our clients must make sure their web browsers are using the latest browsers or credit card transactions and all other website functions will not work.

But checking is easy. Click on http://howsmyssl.com and a page will open that will tell users whether or not their browsers are secure and PCI compliant.

If not, upgrading is essential or your customer’s transactions will not be secure. Business owners should contact their IT departments to confirm their website’s security. For the smaller business owners, contact your website’s host provider.

As for our client’s customers, they need to be advised to also upgrade their browsers. The good news is that bringing the browser up to date is as simple as logging into the browser’s official website and downloading the newest version. To help, here are links to some of the more popular sites:

For further questions, don’t hesitate to contact us at 888.746.5741 or log onto www.iCheckGateway.com.

This entry was posted in ICG Updates. Bookmark the permalink.

Comments are closed.