Considerable changes are being made to PCI requirements in order to address a vulnerability with SSL encryption called POODLE. In short, SSL encryption, which has been the standard encryption method for decades, is no longer PCI compliant due to vulnerabilities in this protocol.
In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.
The PCI due date for security up to date, more secure conventions was initially in June 2016. This gave associations 14 months to address the update. The liberal calendar was an affirmation of true staffing and spending worries, in spite of the way that the defects in these more established conventions were by and large effectively misused every day.
In April, the industry was all over the news. “Try not to hold up! Do it now!” was the rallying call. The PCI site reported the dangers of proceeding to utilize these out of date conventions. Be that as it may, in December the due date was stretched out from June 2016 to June 2018, giving an additional two years before compliance.
This change represents a significant opportunity for Merchants to take advantage of Harbortouch’s Point of Sale Systems. Harbortouch has gotten out ahead of this potential disruption, but most of our competitors are just starting to become aware of this issue and it is likely that many of them will be severely impacted. SSL has been the standard encryption protocol for decades, so virtually every POS system older than a few months will likely require a costly security upgrade no later than June 2018 (with some deadlines as soon as this summer) or face a complete shutdown of credit card processing capabilities. Don’t be caught in this SSL Shutdown. You can rely on Harbortouch Point of sale systems are completely PCI compliant.