Guildford, UK: Semafone has updated its solution, issuing Semafone Version 3.2 to fast-track customer migration from vulnerable TLS (Transport Layer Security) encryption protocols.
The most recent version of the PCI Data Security Standard (PCI DSS v3.1) states that organisations processing payments must migrate to TLS 1.1 encryption or higher. Whilst the original migration deadline of June 2016 has been moved back to June 2018, Semafone will be transitioning customers to the newest platform ahead of this date to accelerate more effective security.
Some Payment Service Providers (PSPs) have stated that they will cease acceptance of SSL and early TLS transactions prior to June 2016. In these cases, Semafone is proactively working with affected clients to meet these deadlines.
“The vulnerable nature of SSL and TLS 1.0 protocols, particularly within PSP integrations, has been well documented and puts secure payments at risk,” said Tim Critchley, CEO, Semafone. “While the official deadline is still some time away, we believe it is in the best interest of our customers to make the transition now, not only for the sake of compliance, but also in the interest of security.
“We believe that many PSPs will soon stop using these insecure protocols. It would seem that this is a rare experience of the community reacting well in advance of pending standards,” continued Tim Critchley. “This is a positive example of organisations becoming aware of a risk, assessing it and responding rapidly prior to any mandate or deadline.”
SSL (Secure Sockets Layer) and early TLS no longer meet minimum security standards due to known security vulnerabilities in the protocol for which there are no known fixes. To enable customers to move off these insecure encryption models rapidly, Semafone engineers have created the newest version of its product. Semafone will transition all customers to more secure encryption and transmission protocols by June 2016.
Semafone version 3.2 will also make it easier for customers to deploy and upgrade to future releases of the payment solution. In addition, technical upgrades facilitate customers’ ability to respond more rapidly to public vulnerabilities with faster and less invasive patch management capabilities – a critical necessity in the face of today’s rapidly evolving threats.