SHA-2/TLS 1.2
More than likely, your merchants have received letters from their banks/processors notifying them of Security Updates, Shut-Off Dates, and Required Action Steps. These notifications are unique and independent of EMV standards. Failure to prepare won’t result in a shift in liability; it will result in a complete disruption of service. Please read below to ensure that you and your merchants are prepared to avoid a shut-down in processing.
What is this all about?
The entire industry is shifting to newer security protocols. Previously used SHA-1 and TLS 1.0/SSL 3 have proven to be vulnerable to certain attacks. SHA-1 certificates are scheduled to expire and processors are migrating to SHA-2 and TLS 1.2. Deadlines vary by processor and are subject to change at their discretion.
What do I need to do?
Datacap has been updating our payment applications since we learned of the planned changes. See below to see if your merchants will be affected.
For NETePay™ Users:
Version 5.05 and above installed after February 1, 2015
No Action Required
Version 5.05 installed before February 1, 2015
Close the batch, Uninstall NETePay, and re-install version 5.05.05 (no upgrade fees)
Versions Below 5.05
Upgrade to latest version of NETePay via PSCS. Standard Upgrade Rates Apply
For Tran™ Users:
Software Version 3.83
No Action Required
Software Version 3.82 and below
Upgrade to latest Application via PSCS. Standard Upgrade Rates Apply
Processor-Specific Deadlines:
First Data: December 28, 2016
TSYS: January 17, 2017
Chase: May 31, 2017
Elavon: June 27, 2018
Heartland: May 31, 2018
Global Payments US: June 27, 2018
These deadlines are mandated by each processor and the listed dates are liable to change at their discretion. Failure to update may result in a processing shutdown for the affected merchants.