Blog > 3 Steps to Ace the TLS 1.2 Upgrade

3 Steps to Ace the TLS 1.2 Upgrade

By |Last Updated: April 8th, 2024|

In 2015, the PCI Security Standards Council announced changes to its security standards that have reverberated across the payment landscape: merchants are no longer allowed to use SSL or TLS 1.0 to secure credit card information. Merchants have until June 30, 2018, to migrate and upgrade to TLS 1.2.

What are SSL and TLS?

You may have seen the terms SSL and TLS floating around on the internet, but what do they mean?

SSL (Secure Socket Layer) was developed in the 1990s as a protocol to protect online communications from outside forces. For example, when someone bought a book from Amazon, SSL protected their credit card information as it traveled across the internet. For many years, SSL was an essential tool in the web security arsenal.

TLS lock icon

Why is TLS vulnerable?

Because TLS is the most common protocol to protect information online, it’s susceptible to attacks from those seeking to steal data. Known attacks (like BEAST, CRIME, POODLE, and Heartbleed) have impacted TLS 1.0 and essentially made it useless, allowing attackers to harvest sensitive data. Unfortunately, it’s impossible to patch or fix these vulnerabilities, so merchants must migrate to TLS 1.2.

TLS 1.1 Lock Icon in Green

What’s the deal with TLS 1.1?

You may have noticed that there are three versions of TLS: 1.0, 1.1, and 1.2. While TLS 1.1 is more secure than TLS 1.0, it’s still not the safest option for merchants and their customers. To avoid costly data breaches and all their attendant effects, merchants should implement TLS 1.2.

TLS Icon with an

What happens if I don’t upgrade to TLS 1.2?

If you don’t upgrade to TLS 1.2, you’re putting your business and your customers in very real danger. If a data breach occurred due to known vulnerabilities in TLS, your business could face penalties from the PCI S