At the end of June, digital credit card transactions are getting a mandatory encryption upgrade. It’s good news, but not if you have an old device or depend on a retailer that hasn’t completed the transition.
When data moves from one device to another, it needs protection so it isn’t intercepted and manipulated along the way. This protection is especially crucial, as you might imagine, for sensitive communications like financial transactions. And with credit card scams booming, the Payment Card Industry Security Standards Council announced last year that it would phase out an old, buggy encryption protocol used for processing digital credit card transactions, called Transport Layer Security 1.0, in favor of more secure alternatives. The deadline: June 30.
‘The problems are fundamental protocol design issues, not something that can be easily fixed.’
Kenn White, Open Crypto Audit Project
Though there are exceptions for merchants that operate their own payment processing servers, organizations that use PCI-compliant commerce platforms (almost everyone) need to upgrade the encryption protocols on their websites and payment terminals if they haven’t already. Making these updates should be pretty easy for a small business that has a couple of credit card readers and a website, but merchants need to know to do it in the first place. Big companies with thousands of payment terminals and a massive web presence face a more significant update challenge. With the deadline only weeks away, some are still scrambling. In the worst-case scenarios, those credit card transactions will simply stop going through.