June 30, 2018 is just around the corner. For many online businesses, the date is sort of a red-letter day because this is when changes to Payment Card Industry (PCI) compliance will be implemented. Firms that process payments online should have made the transition to TLS 1.1 encryption by that date or they won’t be able to accept credit card payments. PCI compliance will affect many online businesses, to say the least.
What is PCI compliance?
Three years ago, the PCI updated its benchmark for encrypting online transactions. For many years, Secure Socket Layer (SSL) and Transport Layer Security (TSL) protocols were considered robust enough to secure online payments. However, hackers have become wilier. The payment card industry has no choice but to adapt.
As a backgrounder, SSL and TSL are the two long-standing cryptographic protocols for securing conversations between systems online.
To put it in simpler terms, these protocols encrypt credit card and customer details that are relayed from the server and browser, keeping it private and secure.
But as early as 2014, SSL has not been considered secured. TSL which was released in 1999 has also replaced it as the standard for data encryption online.
Tips for businesses in need of PCI compliance
Business owners may think that migrating to TLS 1.1 or TLS 1.2 is that easy. However, there are still some factors to consider in complying with this new PCI benchmark. These include:
- The server where the site is hosted on must be compatible with the new PCI protocol. For instance, websites or web apps hosted on Microsoft Windows are recommended to run on Windows Server 2012.
- Servers should not be able to default to TLS 1.0 or SSL.
- Customers must be made aware of these changes. It is possible that not all customers are using the most updated operating systems on their PCs. Thus, they may not be able to connect to a website that has complied with the new PCI rules after June 30. Firms are thus advised to send a simple email informing them about the changes.