Overview

Data security is the foundation of every transaction that touches CardConnect. In an effort to continue to offer a secure means of communication to our systems, CardConnect is upgrading its systems and applications to accept Transport Layer Security (TLS) 1.2. 

TLS 1.0/1.1 Deactivation Deadline Extended

In an effort to provide additional time to our customers to ensure TLS 1.2 readiness, we have extended the timeline for accepting TLS 1.0 and TLS 1.1 communications until June 18th, 2018. After this date, we will no longer support communications made with the TLS 1.0 and TLS 1.1 protocols. Please ensure that you are prepared for this new cut-off date by referring to the How the Upgrade Impacts You section below.

What is TLS?

The Transport Layer Security (TLS) protocol encrypts and authenticates the data that is passed between communicating applications and their end users. For example, when you enter your login credentials on a website, TLS prevents a third-party from stealing the information that is exchanged during the login process. 

Why Upgrade?

The PCI (Payment Card Industry) Security Standards Council, which defines security and safety rules for the payments industry, no longer considers TLS 1.0 and TLS 1.1 to be secure forms of encryption because they are vulnerable to various types of attacks. As a result, all service providers and merchants who process or transmit credit card data must take the necessary measures to ensure that their systems and applications are upgraded to accept the TLS 1.2 protocol.

For additional information on TLS and the risks that are present when using TLS versions 1.0 and 1.1, please refer to the PCI Security Standards Council’s Information Supplement on Migrating from SSL and Early TLS.

How is TLS Used at CardConnect?

When communications take place with CardConnect's systems and applications, the TLS protocol works to encrypt and/or authenticate the following types of information:

  • Cardholder Data
  • Communications from a merchant's server to CardConnect's APIs
  • Personally Identifiable Information (PII) of buyers
  • Application Login Data

How the Upgrade Impacts You

The upgrade to TLS 1.2 could impact you in various ways depending on the manner in which you interact and communicate with CardConnect's applications and systems. Select from the list below to determine if you are impacted by the TLS 1.2 upgrade:

Confirming TLS Readiness

We will be deactivating TLS 1.0 and TLS 1.1 traffic in our UAT environments on the following dates:

  • October 16th (9am-5pm EST)
  • November 13th (9am EST) through November 15th (5pm EST)
  • December 4th (9am EST) through December 6th (5pm EST)
  • January 22nd (9am EST) through January 24th (5pm EST)
  • February 12th (9am EST) through February 14th (5pm EST)
  • February 26th (9am EST) through February 28th (5pm EST)

TLS 1.0 and TLS 1.1 UAT Deactivation

We will be permanently deactivating support for TLS 1.0 and TLS 1.1 on March 15, 2018. Please ensure you have tested your systems for TLS 1.2 readiness prior to this date.

CardPointe and CoPilot Users

If you are a CardPointe and/or CoPilot user, it is important to ensure that your web browsers are up-to-date. Most browsers have supported TLS 1.2 for some time, but if you haven't updated your browser to the latest version, then you may be impacted by this upgrade.

Please refer to the Web Browser Support section of this page to verify whether your browser(s) is supported by TLS 1.2.

Bolt and API/Gateway Users

Java Support

If you run one of the following versions of Java, it is important that you take action before March 31st, 2018 to continue to communicate with CardConnect's services. 

Java Version | Details
JDK/JRE 7 Client | Yes, but support for TLS 1.2 must be enabled.
JDK/JRE 7 Server and above | TLS 1.2 enabled by default.
JDK/JRE 6 and below | No TLS 1.2 support.

OpenSSL Support

Your OpenSSL version must be 1.0.1 or higher.

Common Server Platforms that Depend on OpenSSL

  • Linux
  • Mac OS X
  • Node.js
  • Ruby
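
The OpenSSL requirement above can be checked on a client host without touching the network. This added example (not CardConnect's code) has Python's `ssl` module, which wraps the host's OpenSSL, write its ClientHello into memory and then reads the highest protocol version that hello offers; the SNI name `gateway.example` and the TLS 1.1 sample record are constructed for illustration.

```python
import ssl

TLS12 = 0x0303  # wire value for TLS 1.2 (TLS 1.1 = 0x0302, TLS 1.3 = 0x0304)

def _u16(buf, i):
    return int.from_bytes(buf[i:i + 2], "big")

def highest_offered(record):
    """Highest protocol version offered by the ClientHello in one TLS record."""
    if len(record) < 50 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    body = record[5:5 + _u16(record, 3)]
    best = _u16(body, 4)              # legacy client_version field
    try:
        pos = 38                      # handshake header + version + 32-byte random
        pos += 1 + body[pos]          # session_id
        pos += 2 + _u16(body, pos)    # cipher_suites
        pos += 1 + body[pos]          # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    end = min(len(body), pos + 2 + _u16(body, pos))
    pos += 2
    while pos + 4 <= end:             # walk the extensions, if any
        ext_type, ext_len = _u16(body, pos), _u16(body, pos + 2)
        if ext_type == 0x002B:        # supported_versions overrides the legacy field
            data = body[pos + 4:pos + 4 + ext_len]
            listed = [_u16(data, i) for i in range(1, len(data) - 1, 2)]
            # Ignore GREASE placeholders (0x0A0A, 0x1A1A, ...) sent by some clients.
            best = max([v for v in listed if v & 0x0F0F != 0x0A0A] or [best])
        pos += 4 + ext_len
    return best

def local_client_hello(max_version=ssl.TLSVersion.MAXIMUM_SUPPORTED):
    """ClientHello bytes the local OpenSSL-backed stack would send (no network I/O)."""
    ctx = ssl.create_default_context()
    ctx.maximum_version = max_version
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "gateway.example" is a placeholder SNI name, not a CardConnect host.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="gateway.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass                          # expected: hello written, waiting for a server
    return outgoing.read()

# Constructed sample: minimal ClientHello from a TLS 1.1-only client, no extensions.
_hello = b"\x03\x02" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
_hs = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
LEGACY_SAMPLE = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION, "| 1.0.1 or higher:", ssl.OPENSSL_VERSION_INFO[:3] >= (1, 0, 1))
    print("local stack offers TLS 1.2+:", highest_offered(local_client_hello()) >= TLS12)
    print("constructed TLS 1.1 client:", highest_offered(LEGACY_SAMPLE) >= TLS12)
```

The same parser can be pointed at a ClientHello record captured from any other client stack (Java, .NET, SAP) to see what that client actually offers.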

ASP/.NET Support

TLS Support varies based on your Windows Kernel

  • Uses a crypto library called Microsoft Secure Channel (Schannel)

Oracle E-Business Suite Users

These security enhancements will require the deployment of a new CardConnect codebase in your Oracle EBS environment. CardConnect will contact you regarding the deployment of the new code as well as the added functionality included in this release.

Additionally, it is important that you apply the appropriate Oracle patch depending on the version of Oracle EBS that you are using, as indicated below:

Version | Details
Oracle E-Business Suite 12.1 | Oracle EBS Suite 12.1 users must install the following Oracle patch to ensure TLS 1.2 support. (Doc ID 376700.1)
Oracle E-Business Suite 12.2 | Oracle EBS Suite 12.2 users must install the following Oracle patch to ensure TLS 1.2 support. (Doc ID 1367293.1)

SAP Users

Please refer to the table below for details based on your SAP version:

SAP Version

Details

SAP RFC (TCP/IP)

SNC Enabled:

  • Ensure current SAPCryptolib 8.4.31.
  • Validate SAPCryptolib via SAP Transaction: SSF02

SNC Not Enabled:

  • No updates are required for your SAP system.

SAP RFC (HTTP connection to External Server)

  • Ensure current SAPCryptolib 8.4.31.
  • Validate SAPCryptolib via SAP Transaction: SSF02.
  • Maintain the RZ10 Parameter:
    • Parameter:  ssl/client_ciphersuites
      • Value:  512:HIGH
    • Parameter: icm/HTTPS/client_sni_enabled  
      • Value: TRUE
    • Restart ICM for these new parameters to be active.

SAP PI

  • Ensure current Java Cryptolib - OSS Note: 2284059.
  • Please refer to the SAP PI blog for more information on upgrading to TLS 1.2.

Integrated Ingenico USB Device Users

If you use an integrated Ingenico USB Device, please refer to the details below to determine the necessary actions that are required to ensure a seamless transition to TLS 1.2.

Bolt

Bolt terminals are not impacted by the upgrade to TLS 1.2. If you are a Bolt API user, please refer to the Bolt and API/Gateway section for additional information.

Web Tokenizer 

The Web Tokenizer is not impacted by the upgrade to TLS 1.2.

iFrame Tokenizer

The iFrame Tokenizer is not impacted by the upgrade to TLS 1.2.

Desktop Tokenizer

Refer to the table below to determine if action is required on your part based on your version of the .NET framework.

.NET Framework Version: 4.0
  • Update to the .NET 4.5 framework. Desktop Tokenizer and PANpadUp will notify you that an update to .NET 4.5 is required if .NET 4.0 is still in use.
  • Update to the latest version of Desktop Tokenizer.
  • If you're a PANpadUp user, you must update to the latest version of PANpadUp.

.NET Framework Version: 4.5 +
  • Update to the latest version of Desktop Tokenizer.
  • If you're a PANpadUp user, you must update to the latest version of PANpadUp.

Download and Configure the Desktop Tokenizer

To download the latest version of Desktop Tokenizer, click here. The zip file contains the following files:

File Name | Details
ccs.exe | The new version of the Desktop Tokenizer application.
cs.ini | The Desktop Tokenizer configuration file.
ccpanpad.dll | The new Dynamic Link Library.

For details on testing the new application, refer to the section Testing a New Application.

Note: The configuration settings within your existing cs.ini file should be ported over to the new cs.ini file that is included in the Desktop Tokenizer .zip file that you downloaded.

Download and Configure PANpadUp

To download the latest version of PANpadUp, click here. The zip file contains the following files:

File Name | Details
ppu.exe | The new version of the PANpadUp application.
ppu.ini | The PanPad application configuration file.

For details on testing the new application, refer to the section Testing a New Application.

Note: The configuration settings within your existing ppu.ini file should be ported over to the new ppu.ini file that is included in the PANpadUp .zip file that you downloaded.

DLL

Refer to the table below to determine if action is required on your part based on your version of the .NET framework.

.NET Framework Version: 3.5.1
  • Download and install an update to the .NET 3.5.1 framework, which enables the framework to work with TLS 1.2.
  • Download the new PANpad DLL and refer to the README.txt file that is included in the .zip for more information.

.NET Framework Version: 4.0
  • Update to the .NET 4.5 framework.
  • Download the new PANpad DLL and refer to the README.txt file that is included in the .zip for more information.

.NET Framework Version: 4.5 +
  • Download the new PANpad DLL and refer to the README.txt file that is included in the .zip for more information.

Testing a New Application

Upon updating to the new version of Desktop Tokenizer, PANpadUp, or DLL, we recommend a full regression test of the new applications in your environment in order to ensure compatibility of all implemented changes for TLS 1.2 support. This includes all required tokenization scenarios in UAT (User Acceptance Testing) and Production. 

Support of TLS 1.2 is strongly correlated to which .NET version is running within the Windows environment. Please coordinate with a network administrator to verify and confirm that the .NET version supports TLS 1.2. If running .NET 4.0, then an update to .NET 4.5 will be required.

If testing is executed with either the Desktop Tokenizer or PANpadUp while running a .NET version that does not support TLS 1.2, then the CardConnect application will prompt the user with the appropriate action before any testing can proceed.

Web Browser Support

Refer to the information below to determine if your web browser is supported by TLS 1.2.

Google Chrome

If Your Chrome Version is.. | And You Are Running on one of these Operating Systems.. | Then...
v1 through 29 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android; iOS 9 and up; Chrome OS | Your web browser is not supported by TLS 1.2 and must be updated.
v30 through 58 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android; iOS 9 and up; Chrome OS | Your web browser is supported.

Google Android OS Browser

If Your Google Android OS Version is.. | And You Are Running on this Operating System.. | Then...
v1 through v4.0.4 | Android | Your web browser is not supported by TLS 1.2 and must be updated.
v4.1 through v4.4.4 | Android | You must enable support for TLS 1.2 in your browser.
v5 through v8 | Android | Your browser supports TLS 1.2.

Mozilla Firefox

If Your Mozilla Firefox Version is.. | And You Are Running on one of these Operating Systems.. | Then...
v1 through v23 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0.3 and up; iOS 9.0 and up | Your web browser is not supported by TLS 1.2 and must be updated.
v24 through v26 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0.3 and up; iOS 9.0 and up | You must enable support for TLS 1.2 in your browser.
v27 through v54 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0.3 and up; iOS 9.0 and up | Your browser supports TLS 1.2.

Mozilla Firefox ESR

If Your Mozilla Firefox ESR Version is.. | And You Are Running on one of these Operating Systems.. | Then...
v10 through v17.0.10 | Windows XP SP2 and up; Mac OS X 10.9 and up; Linux | Your web browser is not supported by TLS 1.2 and must be updated.
v24 through v24.1.1 | Windows XP SP2 and up; Mac OS X 10.9 and up; Linux | You must enable support for TLS 1.2 in your browser.
v31 through v52.1 | Windows XP SP2 and up; Mac OS X 10.9 and up; Linux | Your browser supports TLS 1.2.

Enabling TLS 1.2 Support in Mozilla Firefox Browsers

If you are using Mozilla Firefox versions 24 through 26, follow the steps below to enable support for TLS 1.2:

  1. Open Firefox.
  2. In the URL/address bar, type about:config and press Enter.
  3. In the Search field, enter tls. Locate and double-click the entry for security.tls.version.min
  4. Set the Integer Value to 3 to enable support for TLS 1.2.
  5. Click OK
  6. Close your browser and restart Mozilla Firefox.

Your browser is now ready to support the TLS 1.2 protocol.

Microsoft Internet Explorer

If Your Internet Explorer Version is.. | And You Are Running on this Operating System.. | Then...
IE8 | Windows XP | Your web browser is not supported by TLS 1.2 and must be updated.
IE8 | Windows Server 2003 | Your web browser is not supported by TLS 1.2 and must be updated.
IE8 | Windows Vista | Your web browser is not supported by TLS 1.2 and must be updated.
IE8 | Windows 7 | You must enable support for TLS 1.2 in your browser.
IE8 | Windows Server 2008 | Your web browser is not supported by TLS 1.2 and must be updated.
IE8 | Windows Server 2008 R2 | You must enable support for TLS 1.2 in your browser.
IE9 | Windows Vista | Your web browser is not supported by TLS 1.2 and must be updated.
IE9 | Windows 7 | You must enable support for TLS 1.2 in your browser.
IE9 | Windows Server 2008 | Your web browser is not supported by TLS 1.2 and must be updated.
IE9 | Windows Server 2008 R2 | You must enable support for TLS 1.2 in your browser.
IE10 | Windows 7 | You must enable support for TLS 1.2 in your browser.
IE10 | Windows 8 | You must enable support for TLS 1.2 in your browser.
IE10 | Windows Server 2008 R2 | You must enable support for TLS 1.2 in your browser.
IE10 | Windows Server 2012 | You must enable support for TLS 1.2 in your browser.
IE11 | Windows 7 | Your browser supports TLS 1.2.
IE11 | Windows Server 2008 R2 | Your browser supports TLS 1.2.
IE11 | Windows 8.1 | Your browser supports TLS 1.2.
IE11 | Windows Server 2012 R2 | Your browser supports TLS 1.2.

Enabling TLS 1.2 Support in Internet Explorer Browsers

If you are using Internet Explorer 8, 9, or 10, follow the steps below to enable support for TLS 1.2:

  1. Open Internet Explorer and click Tools > Internet Options.
  2. Select the Advanced tab.
  3. Check the boxes next to TLS 1.1 and TLS 1.2 to enable support for these protocols. 
  4. Uncheck the box next to SSL 3.0 to disable this setting.
  5. Click Apply and OK.
  6. Close your browser and restart Internet Explorer.

Your browser is now ready to support the TLS 1.2 protocol.

Microsoft Internet Explorer Mobile

If Your Internet Explorer Mobile Version is.. | And You Are Running on this Operating System.. | Then...
v7 | Windows Phone 7; Windows Phone 7.5; Windows Phone 7.8 | Your web browser is not supported by TLS 1.2 and must be updated.
v9 | Windows Phone 7; Windows Phone 7.5; Windows Phone 7.8 | Your web browser is not supported by TLS 1.2 and must be updated.
v10 | Windows Phone 8 | You must enable support for TLS 1.2 in your browser.
v11 | Windows Phone 8.1 | Your browser supports TLS 1.2.

Microsoft Edge

If Your Microsoft Edge Version is.. | And You Are Running on this Operating System.. | Then...
v12 | Windows 10 v1507 | Your browser supports TLS 1.2.
v13 | Windows 10 v1511 | Your browser supports TLS 1.2.
v14 | Windows 10 v1607 | Your browser supports TLS 1.2.
v15 | Windows 10 v1703 | Your browser supports TLS 1.2.
v16 | Windows 10 v1709 | Your browser supports TLS 1.2.

Opera

If Your Opera Version is.. | And You Are Running on one of these Operating Systems.. | Then...
v1 through v9 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0 and up | Your web browser is not supported by TLS 1.2 and must be updated.
v10 through v12.17 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0 and up | You must enable support for TLS 1.2 in your browser.
v12.18 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0 and up | Your browser supports TLS 1.2.
v14 through v16 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0 and up | Your web browser is not supported by TLS 1.2 and must be updated.
v17 through v45 | Windows 7 and up; Mac OS X 10.9 and up; Linux; Android 4.0 and up | Your browser supports TLS 1.2.

Enabling TLS 1.2 Support in Opera Browsers

If you are using Opera versions 10 through 12.17, follow the steps below to enable support for TLS 1.2:

  1. Open Opera.
  2. Press Ctrl+F12.
  3. Scroll down to the Network section and click Change proxy settings...
  4. Select the Advanced tab.
  5. Scroll down to the Security section and check the boxes next to Use TLS 1.1 and Use TLS 1.2.
  6. Click OK.
  7. Close your browser and restart Opera.

Your browser is now ready to support the TLS 1.2 protocol.

Apple Safari

If Your Safari Version is.. | And You Are Running on one of these Operating Systems.. | Then...
v1 | Mac OS X 10.2 and up | Your web browser is not supported by TLS 1.2 and must be updated.
v2 through v5 | Mac OS X 10.4, 10.5, 10.6, 10.7; Windows XP | Your web browser is not supported by TLS 1.2 and must be updated.
v6 | Mac OS X 10.8 | Your web browser is not supported by TLS 1.2 and must be updated.
v7 through v10 | Mac OS X 10.9, 10.10, 10.11, 10.12, 10.13; iOS 1.0 and up | Your browser supports TLS 1.2.
v3 through v5 (iOS 3 and 4) | Mac OS X 10.2 and up; iOS 1.0 and up | Your web browser is not supported by TLS 1.2 and must be updated.
v5 (iOS 5 and 6) through v10 | Mac OS X 10.2 and up; iOS 1.0 and up | Your browser supports TLS 1.2.

Apple Safari Mobile

If Your Safari Mobile Version is.. | And You Are Running on one of these Operating Systems.. | Then...
v3 | iOS 1; iOS 2 | Your web browser is not supported by TLS 1.2 and must be updated.
v4 through v5 | iOS; iOS 4 | Your web browser is not supported by TLS 1.2 and must be updated.
v5 through v6 | iOS 5; iOS 6 | Your browser supports TLS 1.2.
v7 | iOS 7 | Your browser supports TLS 1.2.
v8 | iOS 8 | Your browser supports TLS 1.2.
v9 | iOS 9 | Your browser supports TLS 1.2.
v10 | iOS 10 | Your browser supports TLS 1.2.
v11 | iOS 11 | Your browser supports TLS 1.2.

Cryptographic Library Support

The following libraries do not support TLS 1.2:

  • SChannel XP / 2003
  • SChannel Vista / 2008
  • SChannel 8 / 2012
  • Secure Transport OS X 10.2-10.8 / iOS 1-4

Supporting Content

TLS 1.2: General Information Webinar

TLS 1.2: SAP Customer Webinar

TLS Webinar: Oracle Customer Webinar