Abilash
E-commerce websites and PCI v3.1

Posted in Internet Security on January 29, 2016

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Below is a high-level overview of the 12 PCI DSS requirements.

[Figure: PCI Data Security Standards, high-level overview]

The Payment Card Industry (PCI) Security Standards Council has released a new version, v3.1, and it is mandatory that you verify your systems’ compliance to avoid service interruptions.

How does this affect your E-commerce business?

PCI v3.1 affects every e-commerce website, and there are steps that must be taken to ensure our data is safe. Soon, any SSL version as well as TLS 1.0 will no longer meet PCI DSS due to vulnerabilities that cannot be patched. If you are using a payment gateway, your merchant will soon start disabling SSLv3 and TLS v1.0 connections to their servers.

Almost all e-commerce websites and applications use SSL libraries to connect to merchant gateways and other card processors. If the merchant disables a security protocol to follow the PCI requirement and your server’s SSL library cannot support a newer protocol version, your connectivity with your merchant will be affected.

What should you do?

Most of your servers will not require any changes unless your hosting provider is running an older version of the OS or SSL libraries. In that case, you may start experiencing failures to connect to your merchant gateway, which would mean that you can no longer process payments from your website or application.
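One way to see what a server's SSL library would actually offer a gateway, as an added example that is not code from Concise Digital or from the PCI documents: it starts a handshake into memory buffers with Python's `ssl` module, parses the resulting ClientHello, and flags a client that can only speak the protocols being retired. The host name `gateway.example` and the function names are assumptions made for the illustration.

```python
import ssl
import struct

# TLS wire codes -> names. PCI DSS v3.1 retires SSL and TLS 1.0.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
RETIRED = {"SSLv3", "TLSv1.0"}


def capture_client_hello(ctx):
    """Begin a handshake into memory buffers; return the ClientHello bytes."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "gateway.example" is a placeholder; nothing is sent over the network.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="gateway.example")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is waiting for a ServerHello
    return outgoing.read()


def offered_versions(record):
    """List protocol versions a ClientHello offers (highest only if pre-1.3)."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    codes = [struct.unpack_from("!H", record, 9)[0]]       # client_version
    pos = 9 + 2 + 32                                       # skip version, random
    pos += 1 + record[pos]                                 # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]    # cipher_suites
    pos += 1 + record[pos]                                 # compression_methods
    if pos + 2 <= len(record):
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            if ext_type == 43:                             # supported_versions
                body = record[pos + 5:pos + 4 + ext_len]   # skip 1-byte list length
                codes = [struct.unpack_from("!H", body, i)[0]
                         for i in range(0, len(body) - 1, 2)]
            pos += 4 + ext_len
    return [VERSIONS[c] for c in sorted(codes) if c in VERSIONS]


def will_lose_gateway(names):
    """True if every offered version is one the gateway is about to disable."""
    return not (set(names) - RETIRED)


if __name__ == "__main__":
    offered = offered_versions(capture_client_hello(ssl.create_default_context()))
    print(ssl.OPENSSL_VERSION, "offers", offered,
          "-> AT RISK" if will_lose_gateway(offered) else "-> OK")
```

This only reports what the Python runtime's own SSL library offers; an application linked against a different library needs the same check run from that application's stack.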

How does Concise Digital help?

At Concise Digital, our first step would be to ensure all our servers' SSL libraries support TLS 1.1 or 1.2. We will also make sure all the applications and systems we manage are patched and up to date. If you are not a customer of Concise Digital yet but would like to have your servers and websites reviewed for the upcoming PCI v3.1 changes, you may contact us now.

Further reading:

Early Migration Guide
https://www.concise.digital/wp-content/uploads/2016/01/Migrating_from_SSL_Early_TLS_Information20Supplement_v1.pdf

What You Should Do Now?
https://www.pcicomplianceguide.org/pci-dss-v3-1-and-ssl-what-you-should-do-now/

Payment Card Industry Data Security Standards v3.1
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf

Original Date Of June 2016 For Migration Extended To June 2018
https://www.concise.digital/wp-content/uploads/2016/01/15_12_18_SSL_Webinar_Press_Release_FINAL_2800229.pdf
