The Next Big Deadline in Payment Security

July 1, 2018, is the TLS Changeover date, which is the next big security deadline for payments processing. That is six months away, but you need to start planning now, writes Collin Sullivan, national sales manager for Avatas Payment Soulutions, because if the changeover isn’t managed properly, it could have a major impact on your ability to accept credit cards. Here is an overview of the TLS deadline and its potential impact on you.

What are the basics?

Transport Layer Security (TLS) is an encryption method that is widely used in payments processing. Basically, it ensures that your sensitive information can’t be intercepted when you are sending it over the internet.

You may not have heard of it, but you have definitely used it. Think of the last time you purchased something online or signed into an online account. If you looked at the address bar in your browser, you might have noticed a little lock icon and a URL that begins https://www. If you saw the ‘HTTPS’ part of the URL, it means you were using TLS.

As with nearly every other aspect of modern technology, TLS is periodically updated to enhance security, add new features and make other incremental improvements. In the case of TLS, the 1.0 version is out of date and will no longer be approved by the Payment Card Industry (the organization that sets industry-wide standards for accepting credit cards) as of July 1, 2018.

This means that if a merchant is using TLS 1.0 and does not upgrade before June 30, 2018, at 11:59 p.m., they will no longer be able to process credit card transactions.

Who is impacted by this deadline?

Everyone who accepts credit card payments has the potential to be impacted by this security deadline regardless of industry. This includes merchants and processors like Avatas. Among fuel oil marketers, the biggest impact will be felt by operators that process credit cards online, including those who use virtual or stand-alone terminals, merchant portals and browser-based point-of-sale devices.

What do I as a merchant have to do?

This is going to impact everyone. Avatas has taken care to ensure that all of its back-end technology is fully compliant and your processor should have done the same. But merchants need to take steps to prepare as well. If you process credit cards online, start with the following:

• Take stock of the operating system you are using. In many cases, the version of TLS that you are using is tied to your operating system. If you are using Windows 7 or greater you should be fine. If you are using an older version like Windows XP or Windows Vista you may want to start planning an upgrade.
• If you are using a POS device (including a browser-based POS that runs on Windows) find out what it predominantly runs on. If it runs on Windows XP, Server 2003, Vista, Server 2008, you will likely be impacted by the deadline.

Next steps

Most importantly, don’t panic. There is still plenty of time to make sure you are covered, and prior to July 1, 2018, there will be no impact to your processing ability. If you haven’t heard from your processor, contact them and ask about their plan for managing the changeover.

AVATAS Payment Solutions is a payment processing company for the energy industry. Collin Sullivan can be reached at 866.298.7836 or by email at info@avataspayments.com.