Providing a secure payment experience enables your customers to feel confident about transacting with your web platform. For this reason, MobilePay is planning to make the following changes to API gateways and DataPower services in SANDBOX and PRODUCTION environment:
- Disable TLS1.0 and TLS1.1 on certain DNS domains.
The change has already taken place in SANDBOX.
Once we have a set date for the change in PRODUCTION, you will be informed again. This newspost purpose is to focus on putting your TLS 1.2 plan in action. The safest action is to upgrade to TLS 1.2 sooner than later to avoid disruption. The upfront costs of performing system updates like TLS 1.2 are much less than what your organization would spend cleaning up a potential security breach later.
This change could potentially impact your systems if you are using an out-of-date HTTPS client to call MobilePay API GW. Please ensure that your system is configured to support TLS 1.2 to ensure that you can continue to call MobilePay API's.
Note, if you use a third party for a custom-built solution, then you might need to verify that you are protected with the hosting vendor of that solution.
What happens if I do not upgrade to TLS 1.2? Most importantly, by not upgrading to TLS 1.2, you are putting your customers’ data at risk and not being PCI complaint. After the deadline, the MobilePay services on your website that require the use of TLS 1.2 will cease functioning, which means your payment processing could stop working if TLS 1.2 is not addressed.
How can I find out what SSL/TLS protocols and versions I support? Although there are companies that provide testing services, one way of finding out whether your website supports a particular version of SSL or TLS is to use a computer browser to connect to the site and actually establish a secure connection.
Payment Card Industry (PCI) requires TLS 1.1 or TLS 1.2 for compliance.
If issues are seen or if you have questions, please do not hesitate to contact us at email@example.com
However, if you use a third party for a custom-built solution, then you will need to verify that you are protected with the hosting vendor of that solution.