What I am about to discuss is relevant to every business owner that offers products online, for sale, and uses Authorize.net.
You may be wondering what this TLS 1.0 & TLS 1.1 business has to do with you. The answer is EVERYTHING if you are using a shopping cart that uses this protocol. Eventually your Authorize.net transactions are just going to NOT go through. This would put any business with a significant amount of online sales in a tizzy, especially if they don’t know what the problem is. So here we go! This information is for all of you that have an online shopping experience for your customers.
First of all, I will explain TLS as simply as possible. The acronym stands for Transport Layer Security. It is a cryptograhic protocol that provides security over a computer network when information is transferred from one source to another. For example, when a company’s server “talks” to your web browser and you see the green lock up in the left corner, that is a cryptographic protocol at work. It is necessary to protect your customers information from ending up in the hands of a junior hacker selling it on the dark net to pay for his new hover board, or worse yet a foreign mafia group raising funds for global terrorism. This is as simple as I can put it. If you are somewhat “techie” and interested in more info regarding, see this Wikipedia article.
Now, the reason this article came about in the first place. I received an email from Authorize.net, because I use their development tools to build certain requirements for my web clients, and the email contained a new date for TLS Disablement required by PCI Data Security Stadard. The date was September 18, 2017. Apparently this deadline was to soon for developers to get their clients systems up to date that fast. Some “carts”, or “e-commerce” platforms are going to need a complete redo while others are a simple fix. Regardless, it is a process to get every online system up to date with new protocols to keep your customer’s shopping experiences from becoming a nightmare. Authorize.net realizing that developers were having to put some serious time into these systems have extended the date to February 28th, 2018. This is excellent considering many business owners don’t even know that this is going to be an issue. Especially small business owners that don’t have an IT department or website developer looking out for them.
“NOTE: The PCI Data Security Standard requires that merchants discontinue using early TLS (1.0/1.1) for securing their sites, no later than June 30, 2018. In support of this, Authorize.Net is discontinuing support for TLS 1.0/1.1 on February 28, 2018. Please contact your solution provider and web hosting company to confirm that your solution and server fully support TLS 1.2 before or by February 28, 2018. Thank you.” ~Authorize.net
So what do you do if you are a business that uses Authorize.net but you have no idea if you need to make any changes to your online software? Seek a professional. The last thing you want to do is wait until the last minute and not be able to process online transactions or worse yet, compromise your customer’s info by not updating properly.
For more information regarding SSL/TSL and how to implement TSL 1.2 please visit this Authorize.net FAQ page.