Complete Story


An Encryption Upgrade Could Upend Online Payments

The problem may start occurring on June 30, 2018

At the end of June, digital credit card transactions are getting a mandatory encryption upgrade. It's good news—but not if you have an old device, or depend on a retailer that has not completed the transition.

When data moves from one device to another, it needs protection so it is not intercepted and manipulated along the way. This defense is especially crucial, as you might imagine, for sensitive communications like financial transactions. And with credit card fraud booming, the Payment Card Industry Security Standards Council (PCISSC) announced last year that it would phase out an old, buggy encryption scheme used for processing digital credit card transactions, called Transport Layer Security 1.0, in favor of more secure options. The deadline: June 30.

Though there are exceptions for merchants that run their own payment processing servers, organizations that use PCI-compliant commerce platforms—almost everyone—need to upgrade the encryption protocols on their websites and payment terminals if they haven't already. Running these updates should be pretty easy for a small business that has a couple of credit card readers and a website, but merchants need to know to do it in the first place. Large companies with thousands of payment terminals and a massive web presence face a more significant update challenge. With the deadline just weeks away, some are still scrambling. In the worst-case scenarios, those credit card transactions will simply stop going through.

Please select this link to read the complete article from WIRED.

Printer-Friendly Version