Today Cayan sent the email below informing their merchants about new Payment Card Industry (PCI) standards. New PCI regulations mandate that all point-of-sale software support Transport Layer Security (TLS) 1.1 or 1.2 by July 1, 2018.
I want to ensure all PMA customers that we meet TLS 1.2. Your credit card processing will not be affected by this notice. If you have any questions please contact us at email@example.com
CAYAN Email Below
As today’s hackers continue to find new and more sophisticated ways to steal customer data, the Payment Card Industry (PCI) needs to continue to find ways to stay one step ahead. That’s why the PCI Security Standards Council (SSC) has declared that the widely-used Transport Layer Security (TLS) 1.0 encryption method is no longer secure enough to keep sensitive information safe. Therefore, the PCI Security Council has mandated that TLS 1.0 must be disabled by June 30, 2018.
What does this mean?
If your POS doesn’t support TLS 1.1 or 1.2 by July 1, 2018, you will no longer be able to process card transactions as of that day. If this happens, you’ll have to contact everyone involved in your payments, starting with your POS provider and payment processor, to find out which systems need to be updated. As a result, you’ll likely lose sales and revenue because you won’t be able to process cards during this time.
What is Cayan’s response?
Cayan’s Genius terminals are prepared for this deadline, already supporting TLS 1.2, as do its Virtual Terminal, Portals, and Payment Gateway. During its early-morning maintenance window on July 1, 2018, Cayan will disable support for TLS 1.0 in all its products, as mandated by the PCI Security Council.
Since the deadline was announced in 2015, Cayan has been working with its POS partners and merchants to ensure that they are ready for the upcoming deadline. To help educate its merchants and draw attention to this deadline, Cayan will be implementing a series of short, scheduled brownouts in production.
These brownouts are brief scheduled periods where Cayan will be disabling TLS 1.0 in all its products. Merchants whose Point of Sale does not support TLS 1.1/1.2 will be unable to process credit card transactions for the duration of the brownout. Merchants whose Point of Sale does support TLS 1.1/1.2 will be unaffected by these brownouts. Merchants affected by the brownouts are strongly encouraged to contact their POS provider to update their solution. We’ve intentionally left three weeks’ time between brownouts to give merchants time to bring their systems into compliance.
Below are the scheduled brownout periods:
• Monday, April 2: 10-1015am EST
• Tuesday, April 24: 12-1215pm EST
• Wednesday, May 16: 2-215pm EST
• Thursday, June 7: 4-415pm EST
• Friday, June 29: 6-615pm EST
Cayan reserves the right to alter the above brownout schedule as necessary.
Why does this matter now?
July 2018 may seem like a long way off, but prior history with large payment technology changes, such as the EMV chip card switchover and the SHA update, indicate merchants should plan for this far in advance. The key to avoiding disruptions on July 1, 2018 is being prepared and updating to TLS 1.1 or 1.2 as soon as possible.
How can I get started?
Get in touch with your POS provider as soon as possible. Find out what version of TLS they’re currently supporting and ask them what their plan to update looks like.
You can avoid brownouts and avoid the blackout coming on July 1st by acting now. Contact your POS provider or visit https://cayan.com/tls to discuss next steps today.