If you have an eCommerce website, or do a lot of online shopping, you may have heard rumblings about an important TLS upgrade. The reason for this chatter is because the deadline is now almost here for eCommerce websites to update their SSL or earlier versions of their TLS protocols to TLS 1.2 or 1.3.
If this is all new to you, TLS stands for Transport Layer Security, and it is a layer of security that allows computers to safely and securely communicate for things like sending credit card details, or logging into financial websites. The earlier versions of TLS are suffering from of a number of weaknesses – the scary kind of weaknesses that would put customers’ data at risk of being altered or stolen.
Because of these weaknesses, the Payment Card Industry Security Standards Council (PCI) ruled that all sites, that transmit or process credit card data, need to update to version 1.2 by June 30, 2018. After June 30, older browsers or API clients that have not been updated, will no longer work for things like credit card payments. (And if they do still work, the site could face some serious fines for not being PCI compliant, in the case of a data breach.)
Thankfully, many card processing services (like Stripe, PayPal and Shopify), along with most web browsers, already support TLS 1.2, and have done for a few years. A number of older versions of browsers, however, do not. You can see a complete list of compliant or at-risk browsers at https://www.ssllabs.com/ssltest/clients.html.
If you are an eCommerce-related business, and want to check your compliancy is up to date, contact our team, and we will be happy to put your mind at ease, or upgrade you where needed.