TLS Update

Last September we sent out a communication regarding the upcoming PCI changes, whereby a new security protocol would be in place by June 30, 2018. You are receiving this communication as a reminder that we’re less than a year away from the standard going into effect.

The Payment Card Industry Data Security Standard (PCI DSS) 3.1 release will impact payment processing for your business. Depending on what version of point-of-sale or property management system you are running, you might have to upgrade your payment driver, or your POS/PMS software, or both, to remain compliant with PCI and continue processing transactions. If you are on an older version, your upgrade must occur before June 2018 to continue processing credit card payments.

PCI Council released 3.1 to address critical vulnerabilities in the world of Information Security. Perhaps the most notable update was the exclusion of SSL as an acceptable method of encryption for PCI cardholder data, and the introduction of Transport Layer Security (TLS) as the “next generation” of internet security. TLS 1.2 is now the standard required for encryption for data being transmitted over the Internet. The PCI-DSS standards require that (subject to very limited exceptions) all merchants, processors, gateways, etc. must use TLS 1.2 by June 30, 2018.

After June 30, 2018, Merchant Link will no longer be able to accept transactions on our gateway that do not meet TLS 1.2. Merchant Link and the payments industry are implementing this change to maintain compliance with PCI security regulations, which is an important step in keeping data secure.

Merchant Link is completing its work to address the new requirement ahead of the June 2018 deadline. Please be aware that during this process if you have a SHA1 certificate, you will need to update it to a SHA256 certificate. Merchant Link will work with you to determine if this is required.

You have our commitment that we will continue to communicate updates to you. Our goal is to ensure your business is not negatively impacted by this requirement.

If you have any questions, please reach out to your account manager.

Please note: Effective August 31, 2017, to be in accordance with applicable PCI-DSS requirements, Merchant Link will only board merchants with drivers that are TLS 1.2 compliant.

Make sure your business is not adversely impacted on June 30, 2018…

Upgrade your POS/PMS solution today and ensure you meet today’s PCI standards using TLS, and are able to process credit card payment without interruption.