Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

PCI Council to delay the migration from SSL to Transport Layer Security

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

December 21, 2015

The Payment Card Industry Security Standards Council has decided to postpone the ultimate deadline for the migration from Secure Sockets Layer (SSL) to Transport Layer Security (TLS).

The delay in its decision was expected by some in the industry, however. Earlier this year, the Council decided that the time to make the change was June 2016, a reasonable deadline given that SSL gave the world the Poodle security vulnerability.

Now the PCI agency says it's just too difficult for retailers to make the jump during this busy time of the year.

The Council's statement about its last-minute decision features its general manager Stephen Orfei saying that the migration was expected to be simple, “but in the field, a lot of business issues surfaced as we continued to talk with various merchants, payment processors and banks.”

Orfei also laid some of the blame at some mobile device makers, saying that retailers' efforts to secure transactions made on some smartphones and tablets, on top of “encryption, the SHA-1 browser upgrade and EMV in the US” together make for so much work that the SSL deadline simply can't be met.

He added-- “We’re working hard with various representatives from every part of the ecosystem to make certain that it happens before potential hackers break in.”

The world will therefore have to wait a while with known-to-be imperfect encryption for two years longer than planned, a period during which we can only imagine that hackers will do their very best to take advantage of weak SSL encryption.

The new migration deadline will be formalised in the next version of the PCI DSS standard, due sometime in April 2016.

Source: The PCI Security Standards Council.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer