Tuesday May 8, 2018

Each day new security vulnerabilities are discovered online. The longer protocols are available, the more insecure sites can become over time. Transport layer security (TLS) is a cryptographic protocol used to establish a secure communication channel between systems; it’s what keeps web-based information secure. The Payment Card Industry (PCI) Council decides what protocols or technologies keep credit card data safe by regularly re-evaluating the current set of guidelines and establishing new protocols. Technology and threats are constantly evolving, therefore, resulting in the need to upgrade to a newer, more secure version of the TLS protocol. Without current guidelines and protocols web-based information is vulnerable to threats; the impact of such threats includes loss of confidentiality and/or integrity.

In keeping with the PCI Council’s most recent security of data mandate, Vocantas is updating its customers to ensure compliance with the latest security standards by disabling access for internet browsers to our hosted environment that do not support the encryption protocol TLS versions 1.1 or1.2. This update is necessary due to security implications with using TLS 1.0.

What does that mean to you as a valued Vocantas customer? We ask that you confirm that your organization’s web browsers support TLS 1.1 or 1.2 (version 1.2 is preferred). You can test your current browser by going to https://www.ssllabs.com/ssltest/viewMyClient.html.This browser test will verify whether you are using the currently supported TLS version and service won’t be interrupted when Vocantas disables TLS 1.0. To ensure a seamless transition, Vocantas is offering support if your browser does not support the newer TLS versions. Please contact support@vocantas.comfor more information.

Additionally, Vocantas is upgrading all current Utilities onCall (UOC) customers to version 3.3. In this latest version, a new security protocol type was added to provide support for TLS 1.2 for all payment processors.

Vocantas is making these changes to align with industry best practices for security as all payment processors are disabling TLS 1.0. We are applying the same security standard to all our clients. We welcome your comments on how your organization stays on top of technology and web-based threats and if you’ve encountered any issues with the switchover to TLS 1.1 or 1.2.