Merchants need to start planning TLS migration

Merchants using SSL encryption to protect transactions will soon have to upgrade to TLS — but not all payment vendors are ready.

“From our experience, it seems to be 60-40,” said Don Brooks, senior security engineer at Chicago-based Trustwave Holdings, Inc., which provides PCI compliance services. “Sixty percent have it, 40 percent don’t.”

SSL, or secure sockets layer, has been ground zero for a series of recent vulnerabilities.

As a result, the National Institute for Standards and Technology released guidance last year requiring all federal agencies to upgrade to a successor standard, TLS 1.2.

In February, the Payment Card Industry Securities Standards Council followed up on the NIST recommendation in a bulletin.

To read this article in full or to leave a comment, please click here