March 7, 2017
IMPORTANT: You May Be Required to Update to the TLS 1.2 Protocol
If you are you using an old web browser or a server-to-server setup to connect with Shift4’s DOLLARS ON THE NET payment gateway and/or our i4Go solution, you will soon be required to update to the TLS 1.2 protocol. If you do not make this update, your payment processing may be impacted.
Please Note: Most DOLLARS ON THE NET users will not be affected by this requirement. If you are unsure whether this notification applies to you, please read this Executive Insight by Shift4’s Senior Director of Security Compliance, Stephen Ames, for clarification.
Last summer, we announced that on March 31, 2017, we would turn off support for SSLv3 and early TLS (i.e., TLS v1.0 and v1.1). These older protocols were used to secure communications between a user’s web browser and a website but have become vulnerable to exploit by numerous malware attacks, including Heartbleed, Freak, POODLE, Shellshock, and others.
As a leader in payment security, Shift4 is committed to completing our transition away from these outdated protocols long before the PCI SSC’s June 2018 deadline, at which time merchants still using them will no longer be able to maintain PCI DSS compliance. We removed SSL and early TLS from our internal environment two years ago and eliminated support for the protocols in our external test environments during the fall of last year.
Now that we’re getting close to completely dropping support for SSL and early TLS in live transaction processing, we are providing a phased schedule by product so you won’t experience any surprises.
- Direct server-to-server via HTTPS (does not affect Universal Transaction Gateway implementations) – April 4, 2017
- HTTPS to/from 4Res – April 11, 2017
- HTTPS to DOLLARS ON THE NET – April 18, 2017
- HTTPS to IT’S YOUR CARD – April 25, 2017
- HTTPS to 4Word – May 2, 2017
- HTTPS to i4Go – May 9, 2017
If you think you might still be using SSL or early TLS to connect with Shift4, please contact Shift4 Customer Support immediately at 702.597.2480 (option 2) or [email protected] for guidance.