New PCI DSS (Effective Immediately) In April 2015 the PCI Council released a new update to the PCI Data Security Standard (version 3.1). The main change in this version is the determination that SSL 3.0 and TLS 1.0 are no longer considered strong cryptography and therefore cannot be used as a security control. The original deadline for this migration was June 30, 2016, however, the Payment Card Industry Security Standards Council has recently postponed the deadline to June 30th, 2018. However, Ingenico ePayments has decided to continue updating its Ingenico ePayments Platform Offline Post-Sales Status Communicator to support TLS 1.1 / TLS 1.2 as of 25 May 2016. New implementations must not use SSL or early TLS, effective immediately. Moreover, companies that are using SSL and/or early TLS versions must have a formal Risk Mitigation and Migration Plan in place. What is the impact for you? Our platform already supports the updated TLS 1.2 version and we kindly request that you make sure to use TLS 1.1 / 1.2 when communicating with us. Furthermore, we have been sending communications from TLS 1.2 in TEST and in PROD. We encourage you to upgrade as soon as possible to TLS 1.1 / TLS 1.2, as of 25 May 2016 we will no longer send communications based on TLS 1.0 from our gateway. Please note that no change of your configuration onto our gateway is needed. We also recommend that you check system integrators to make sure that they implement this upgrade as well. Additional Information : You can find additional information about the new standards here: PCI DSS version 3.1: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf Summary of the changes of version 3.1: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1_Summary_of_Changes.pdf For more information, please read End of TLS 1.0 Support or contact our Customer Care team. If you have any questions, don’t hesitate to contact your IT manager.