Temporary Disablement of TLS 1.0/1.1

  • Hi, I just got this email from Authorize.net Will this affect your plugin in any way?Thanks!

    Your Payment Gateway ID: xxxx
    Dear Authorize.Net Merchant:

    As you may be aware, new PCI DSS requirements state that all payment systems must disable earlier versions of TLS protocols. These older protocols, TLS 1.0 and TLS 1.1, are highly vulnerable to security breaches and will be disabled by Authorize.Net on February 28, 2018.

    To help you identify if you’re using one of the older TLS protocols, Authorize.Net will temporarily disable those connections for a few hours on January 30, 2018 and then again on February 8, 2018.

    Please refer to our TLS FAQs for important details.

    Based on the API connection you are using, on either one of these two days you will not be able to process transactions for a short period of time. If you don’t know which API you’re using, your solution provider or development partner might be a good resource to help identify it. This disablement will occur on one of the following dates and time:

    Akamai-enabled API connections will occur on January 30, 2018 between 9:00 AM and 1:00 PM Pacific time.
    All other API connections will occur on February 8, 2018 between 11:00 AM and 1:00 PM Pacific time.
    Merchants using TLS 1.2 by these dates will not be affected by the temporary disablement. We strongly recommend that connections still using TLS 1.0 or TLS 1.1 be updated as soon as possible to the stronger TLS 1.2 protocol. If your current Virtual Point of Sale (VPOS) is an Authorize.Net product, please call Authorize.Net Customer Support at 1.877.447.3938 for assistance in updating to TLS 1.2.

    Note: If you are not using a current version of a web browser, please take a few moments to upgrade it now. Browsers released prior to 2014 may not support TLS 1.2. You can check your browser’s TLS support by visiting https://www.howsmyssl.com/.

    If you have any questions about this email or the upcoming TLS disablement, please refer to our TLS FAQs. Thank you for your attention to this matter and for being an Authorize.Net merchant.

Viewing 5 replies - 1 through 5 (of 5 total)

  • I got the same email. How would we go about making sure that our sites have this update? Would this be facilitated in an update from the Authorize.Net Payment Gateway WooCommerce Addon plugin? Thanks!

    I got it also. Please let us know if this plugin is TLS 1.2 compliant.

    Would you confirm that the plugin is using Authorize.net’s hosted secured form to process payments.
    Since no SSL is required (in the specs), this would mean that we are just connecting to Authorize.net system and they are already compliant… Right?

    Thanks for confirming.

    Plugin Author nazrulhassanmca

    (@nazrulhassanmca)

    You need to Have SSL on website to comply TLS 1.2 authorize.net recommends you to use SSL on your site

    This plugin does not use hosted forms it sends data via Post to Authorize.net Servers

    My client has been using this plugin for 18 months or so and recently started getting a string of complaints about his site leaking credit card information. It is setup with SSL and the cc info is collected in the checkout form and then passed via the API to authnet, correct? how is it possible for this data to be intercepted or stolen?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Temporary Disablement of TLS 1.0/1.1’ is closed to new replies.