PKI Consortium blog

Posts by author Billy VanCannon

    Why You Should Get Familiar With TLS If You Accept Credit Cards
    April 28, 2015 by Billy VanCannon · Encryption, PDF, SSL/TLS, Vulnerability

    The group that manages the Payment Card Industry Data Security Standard quietly announced in February that an imminent update was coming to its payment card and application requirements related to the use of the SSL encryption protocol. Since then, there has been growing concern among merchants about what the changes mean to them.

    The confusion among retailers generally can be boiled down to two questions:

    1. What will the new updates require me to do?
    2. What happens to my TLS/SSL certificates?

    First, let’s explain what’s going on: On Feb. 13, the PCI Security Standards Council informed its assessor community that SSL (Secure Sockets Layer) – a protocol designed to ensure that data passed between a web server and a web browser, such as credit card information, remains secure – is no longer an acceptable way to provide “strong cryptography.” This is due to a number of known fundamental vulnerabilities – some of which, such as Heartbleed, we have documented here, here and here – that essentially make SSL, as an encryption mechanism, obsolete.
