The PCI (Payment Card Industry) Council has declared that encryption protocols of SSL and TLS 1.0 will no longer be supported for accepting credit card payments. Merchants accepting credit card payments should be utilizing TLS 1.2 encryption protocols in their systems.

In response to this, each of the payment gateways that our software connects with will issue their own deadlines for discontinuing support of the insecure encryption protocols. When the payment gateways disable the insecure encryption protocols, you will not be able to accept credit card payments without upgrading your Nodus software to the latest version.

To avoid inability to process payments, please contact us immediately at support@nodus.com or 909.482.4701 #2.

Questions:

Q: When is the deadline for upgrading?

A: The deadline will be set by the Payment Gateway that is being utilized by the Nodus Software. Once the gateway turns off the insecure encryption protocols, transactions will no longer be able to be processed on the older versions of Nodus Software.

GatewayMigration for Test EnvironmentMigration for Production Environment
Paymentech OrbitalMay 31st, 2017May 31st, 2017
PayPal PayFlowProAugust 31st, 2016After June 30th, 2017
CybersourceJanuary 16th, 2018 February 28th, 2018
Moneris January 31st, 2017January 29th, 2018
First Data Payeezy (GGe4)May 16th, 2017 January 24th, 2018
PayFabric® **August 2nd, 2017January 29th, 2018
Authorize.NetApril 30th, 2017February 28th, 2018
LitleEarly 2018Early 2018
USAePay November 1st, 2015TBD – Before June 30th, 2018

** Customers with Nodus Software that utilizes PayFabric® need to reference the date set by PayFabric instead of the payment gateway.

Q: How do I know if I need to upgrade my Nodus Software?

A:  Use the following steps to verify if the installed version of the Nodus Software needs to be upgraded.

  1. Go to the system where the Nodus Software is installed
  2. Open the Start menu and type ‘Programs and Features’ (without quotes) and push Enter to open the ‘Programs and Features’ window.
  3. Locate the installed Nodus software in the list. (Nodus Credit Card Advantage, Nodus ePay Advantage or Nodus eStore Solution Stack)
  4. If the version number is lower than the following versions, an upgrade will be needed.

– Nodus Credit Card Advantage – 41.0.0.000

– Nodus ePay Advantage – 6.0.0.000

– Nodus eStore Solution Stack – 6.0.0.040

Q: How do I upgrade my Nodus Software?

A: Contact Nodus Technologies support to start planning the next steps. Nodus can provide the installation steps for you to deploy the upgrade yourself or you can utilize our upgrade services. Please note that as the deadlines approach, our technicians’ time will fill up and it will become more difficult to schedule an upgrade.

To contact us, please login to our customer portal and submit a case. If you do not yet have a portal login, send an e-mail to support@nodus.com or call us at (909) 482-4701 option 2.

Q: What is SSL/TLS?

A: Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems.  It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between systems.

Q: What are the SSL/TLS Vulnerabilities?

A: Because of its widespread use online, SSL and early TLS have been targets by security researchers and attackers. Many vulnerabilities in SSL and early TLS have been uncovered over the past 20 years such as the POODLE and Heartbleed vulnerabilities. These vulnerabilities are not able to be fixed through security patches and the only way to avoid these vulnerabilities is to abandon the older encryption protocols entirely.

Q: What steps should I take to ensure my company is not using the insecure encryption protocols?

A: Work with your IT team to ensure the insecure protocols are disabled in your environment. There are likely many different systems in place that may need to be updated to utilize TLS 1.2.

Q: How does this change effect my PCI Compliancy?

A: Prior to June 30th 2018, if your organization has not migrated to the secure encryption protocols, during the next PCI audit, your company will need to prepare a risk mitigation and migration plan to address the migration to the secure protocols.

For more information on migrating away from the insecure encryption protocols of SSL and early TLS, please review the document prepared by the PCI-SSC here.