Home   Payment Gateways/Processors   PCI COMPLIANCE FAILING: TLSv1.0 Supported :

PCI COMPLIANCE FAILING: TLSv1.0 Supported :

12/4/2015 10:48:31 AM
thehunter
Posts: 90
hi there
PCI compliance is failing on vevocart multostore v6.0 due to vevocart supporting / using TLSv1.0

I contacted trustawave and paypal and they say if fails as the vevocart store uses [font=]TLSv1.0 Supported
does vevocart have any fix for this?
without this you cannot use vevocart with paypal pro uk or us
thanks
12/15/2015 10:38:37 AM
bjfails
Posts: 35
The fix is not in VevoCart you have to modify your webserver to use TLS1.1 or 1.2, I would suggest 1.2. Here is a good write up on how to fix. VevoCart will use any protocol the server presents to it.
https://support.quovadisglobal.com/kb/a433/how-to-enable-tls-1_2-on-windows-server-2008-r2.aspx
12/23/2015 4:59:00 AM
thehunter
Posts: 90
hi there
has this been tested on multstore 6.0?
our host turned off tlsv1.0 and the site was unable to process card payments.
12/24/2015 10:59:23 AM
bjfails
Posts: 35
We use Multistore 6.3
1/20/2016 9:03:01 AM
thehunter
Posts: 90
hi there
can you tell me if 6.0 works with tls 1.2? also where are the files that reference this located?
many thanks
3/7/2016 5:10:29 AM
thehunter
Posts: 90
paypal are making changes which dramatically change the way they work with 3rd party shopping carts - vevocart does version 6,0 work multistire without tls v1.2?
if it doesnt it will stop being able to process payments....



2016 merchant security upgrades.


We recently announced several security upgrades planned for this year, some of which may require you to make changes to your integration. You’re receiving this email because we’ve identified areas of your integration that may need to be upgraded.
What you’re about to read is very technical in nature – we understand that. Please contact the parties responsible for your PayPal integration, or your third party vendor (for example, shopping cart provider, and so on) to review this email. They’re best positioned to help you make the changes outlined in this email and in the 2016 Merchant Security Roadmap Microsite.
What do I need to do to as a merchant?
Here are the steps you’ll need to take to ensure your integration is up to date and you don’t experience a disruption of service when the changes happen.
Step 1: Consult with someone who understands your integration. We encourage you to consult with the parties that set up your integration, which could be a consultant or third-party shopping cart. You may also need to find someone who can assist with making your integration changes.
Step 2: Understand how these changes affect your integration. Here are the key areas requiring your attention.
If the chart shows “Yes”, you may require changes to be compatible with that security upgrade.If you see a “No,” our data shows that you are already compliant or do not use that functionality. There may be other changes you need to make, but please pay particular attention to the following areas:
Change
Do I need to make a change?
SSL Certificate Upgrade to SHA-256
Yes
TLS 1.2 and HTTP/1.1 Upgrade
Yes
IPN Verification Postback to HTTPS
No
IP Address Update for PayPal Secure FTP Servers
No
Merchant API Certificate Credential Upgrade
No
Discontinue Use of GET Method for Classic NVP/SOAP APIs
No
Step 3: Get the technical details about these changes. Detailed information about each of the changes and a location to test your integration are available on our 2016 Merchant Security Roadmap Microsite. Select the hyperlinks in the chart for information about specific change events.
Step 4: Make the appropriate changes by each “Act by” date*. It’s important to have your changes in place by the “Act by” date for each change event.
Step 5: Future-proof your integration. We recommend that you go through the Best Practices section on our 2016 Merchant Security Roadmap Microsite.
Why is PayPal making these changes?
Protecting customer information is PayPal’s top priority. We support industry standards, such as crypto-industry’s mandate to upgrade SSL certificates to SHA-256, and Payment Card Industry (PCI) Council’s TLS 1.2 mandate. We also surpass those standards by investing in and building some of the finest protection available. By addressing these changes this year, we believe it helps future-proof your integration and reduce the need to invest in changing your integration in the near future.
If you have any questions, visit our Help Centre by clicking Help on any PayPal page. If you require further assistance, please call us on 805 542 713.
Thank you for your support of our commitment to maintain the highest security standards for all our global customers.

Home » Payment Gateways/Processors » PCI COMPLIANCE FAILING: TLSv1.0 Supported :

What's going on

Connect with us

Forum Stats

Threads 1985   Posts 5526   Members 1274

Users online

Members 0   Guests 9
© 2006-2017 Vevo Systems Co., Ltd. All Rights Reserved.
Built For Success - Powered by VevoCart