Mar
02
Keywords: 

UPDATE - Payeezy API Security Protocol Update Postponed.

We have heard from our customers in regards to discontinuing support for TLS1.0 and TLS1.1 protocols and have postponed the deprecation timeframes for the PROD and CERT environments for these protocols. The changes made to the CERT (Sandbox) environment have been reverted back and we will continue to support TLS1.0 and TLS1.1 protocols. We will also continue to work with our security teams to comply with the PCI mandates.

No action is required at this time. As always, if you require technical assistance with the APIs, please contact support@payeezy.com or dial 1-855-799-0790 for US and +44 (0) 1268-567136 for Europe.

===========================================================================================================

The National Institute of Standards and Technology (NIST) identified SSL (Secure Socket Layer) and earlier versions of TLS (Transport Layer Security, the successor protocol to SSL) as weak secure network communication protocols that are not acceptable for the protection of data.

The PCI Security Standards Council set a deadline of June 30, 2016 for all POS Software/Terminals, Gateways and APIs to support TLS1.1 or TLS1.2 security protocols. All POS Software/Terminals, Gateways and APIs that fail to support TLS1.1 or TLS1.2 security protocols by June 30, 2016 will become non-compliant.

In accordance with our commitment to maintaining the safety and security of sensitive data, Payeezy API will discontinue supporting SSL and earlier versions of TLS starting March 31, 2016 and discontinue supporting TLS1.1 starting July 31, 2016. Support for any ciphers less than 128bit, for TLS1.2, will also be discontinued starting July 31, 2016.

Additionally, for the CERT (Sandbox) environment, Payeezy API will discontinue supporting SSL, TLS1.0, and TLS1.1 starting March 10, 2016. Support for any ciphers less than 128bit, for TLS1.2, will also be discontinued starting March 10, 2016 in the CERT environment.  

This change affects all clients which have integrated through developer.payeezy.com and are currently utilizing Payeezy APIs.

If you are unable to migrate within the above described time frames or require technical assistance with the APIs, please contact support@payeezy.com or dial 1-855-799-0790 for US and +44 (0) 1268-567136 for Europe.

ACTION NEEDED:
Deprecation timeframe for CERT environment:
TLS1.0 and earlier – March 10, 2016
TLS1.1 and earlier – March 10, 2016
DES-CBC3-SHA Cipher for TLS1.2 – March 10, 2016

Deprecation timeframe for PROD environment:
TLS1.0 and earlier – March 31, 2016
TLS1.1 and earlier – July 31, 2016
DES-CBC3-SHA Cipher for TLS1.2 – July 31, 2016

For more information around the PCI guidelines please reference the PCI website.  

TL;DR: Payeezy API will perform maintenance to implement support for TLS1.2 protocols and discontinue support for TLS1.0/TLS1.1 on the dates above.