Merchants need to start planning TLS migration
Merchants using SSL encryption to protect transactions will soon have to upgrade to TLS — but not all payment vendors are ready.
“From our experience, it seems to be 60-40,” said Don Brooks, senior security engineer at Chicago-based Trustwave Holdings, Inc., which provides PCI compliance services. “Sixty percent have it, 40 percent don’t.”
SSL, or secure sockets layer, has been ground zero for a series of recent vulnerabilities.
As a result, the National Institute for Standards and Technology released guidance last year requiring all federal agencies to upgrade to a successor standard, TLS 1.2.
In February, the Payment Card Industry Securities Standards Council followed up on the NIST recommendation in a bulletin.