Creditcall is committed to providing secure payment services in line with industry best practice and the Payment Card Industry Security Council's guidance.
In July 2015, we issued a bulletin detailing our mandatory timelines for integrators to support TLS V1.2. The PCI SSC subsequently relaxed the timeline for this security requirement until June 2018.
In line with PCI SSC requirements, Creditcall requires all new implementations to support TLS V1.2. Existing implementations that connect to our platform using TLS V1.0 need to be updated so they can use TLS V1.2 by June 2018 at the latest.
Triple DES Cipher
Support for the Triple DES (3DES) encryption algorithm in TLS will be dropped on our production platform on 30th June 2018. While this was not mandated by the PCI Security Council, we believe that it is appropriate in light of vulnerabilities such as Sweet32. The cipher has also been downgraded to 'MEDIUM' by the OpenSSL project.
Creditcall Test Platform
Our test platform services already support TLS V1.2 with SHA-256 certificates, and we retired the use of 3DES on 31st March 2017. Please test using these systems to confirm that your implementations meet the compatibility requirements.
What do I need to do?
For the latest information on new and existing implementations, please take a look at our Security Announcement below. It details which products and platforms the TLS/cipher requirements apply to.
Security Announcement: Transport Layer Security