Integrated Ecommerce Solutions


Nodus FacebookFollow Nodus on TwitterJoin Nodus on LinkedInWatch us on YouTube

TLS 1.2 Security Update

Last Updated: 3/8/2017

The PCI (Payment Card Industry) Council has declared that encryption protocols of SSL and TLS 1.0 should no longer be used in secure environments. Merchants utilizing credit card transactions should be utilizing the encryption protocol TLS 1.2 in their systems by June 30th, 2018.

In response to this, each of the payment gateways that our software connects with will issue their own deadlines for discontinuing support of the insecure encryption protocols. When the payment gateway disables the insecure encryption protocols, most versions of Nodus software will no longer be able to process transactions.

To avoid any interruption to your payment processing, we highly recommend your company starts planning an upgrade of your Nodus software now.

Questions:

Q: When is the deadline for upgrading?

A: The deadline will be set by the Payment Gateway that is being utilized by the Nodus Software. Once the gateway turns off the insecure encryption protocols, transactions will no longer be able to be processed on the older versions of Nodus Software.

Gateway

Migration for Test Environment

Migration for Production Environment

PayFabric® **

May 31st, 2017

August 31st, 2017

PayPal PayFlowPro

February 15th, 2017

June 30th, 2017

First Data Payeezy (GGe4)

May 16th, 2017

July 25th, 2017

USAePay

November 1st, 2015

TBD - Before June 30th, 2018

Authorize.Net

TBD - Before June 30th, 2018

TBD - Before June 30th, 2018

Cybersource

TBD - Before June 30th, 2018

TBD - Before June 30th, 2018

Paymentech Orbital

May 31st, 2017

May 31st, 2017

Moneris

January 31st, 2017

July 18th, 2017

Litle

Early 2018

Early 2018

** Customers with Nodus Software that utilizes PayFabric® need to reference the date set by PayFabric instead of the payment gateway.

Q: How do I know if I need to upgrade my Nodus Software?

A:  Use the following steps to verify if the installed version of the Nodus Software needs to be upgraded.

  1. Go to the system where the Nodus Software is installed
  2. Open the Start menu and type 'Programs and Features' (without quotes) and push Enter to open the 'Programs and Features' window.
  3. Locate the installed Nodus software in the list. (Nodus Credit Card Advantage, Nodus ePay Advantage or Nodus eStore Solution Stack)
  4. If the version number is lower than the following versions, an upgrade will be needed.
    • Nodus Credit Card Advantage 41.0.0.000
    • Nodus ePay Advantage 6.0.0.000
    • Nodus eStore Solution Stack 6.0.0.040

Q: How do I upgrade my Nodus Software?

A: Contact Nodus Technologies support to start planning the next steps. Nodus can provide the installation steps for you to deploy the upgrade yourself or you can utilize our upgrade services. Please note that as the deadlines approach, our technicians’ time will fill up and it will become more difficult to schedule an upgrade.

To contact us, please login to our customer portal and submit a case. If you do not yet have a portal login, send an e-mail to support@nodus.com or call us at (909) 482-4701 option 2.

Q: What is SSL/TLS?

A: Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems.  It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between systems.

Q: What are the SSL/TLS Vulnerabilities?

A: Because of its widespread use online, SSL and early TLS have been targets by security researchers and attackers. Many vulnerabilities in SSL and early TLS have been uncovered over the past 20 years such as the POODLE and Heartbleed vulnerabilities. These vulnerabilities are not able to be fixed through security patches and the only way to avoid these vulnerabilities is to abandon the older encryption protocols entirely.

Q: What steps should I take to ensure my company is not using the insecure encryption protocols?

A: Work with your IT team to ensure the insecure protocols are disabled in your environment. There are likely many different systems in place that may need to be updated to utilize TLS 1.2.

Q: How does this change effect my PCI Compliancy?

A: Prior to June 30th 2018, if your organization has not migrated to the secure encryption protocols, during the next PCI audit, your company will need to prepare a risk mitigation and migration plan to address the migration to the secure protocols.

For more information on migrating away from the insecure encryption protocols of SSL and early TLS, please review the document prepared by the PCI-SSC here.



Top of Page