TLS Version 1.0 and PCI compliance
The PCI (Payment Card Industry) Security Standards Council https://www.pcisecuritystandards.org/index.php – which administers the security standards for major credit card companies – has identified vulnerabilities https://www.pcisecuritystandards.org/pdfs/15_04_15 PCI DSS 3 1 Press Release.pdf in Version 1.0 of the Transport Layer Security (TLS), the protocol used to encrypt online transactions.
Consequently, they will be requiring all online transactions to be conducted using more recent versions of TLS. Those that continue to use TLS Version 1.0 after the deadline date of June 30, 2016 will no longer be considered PCI compliant. In the meantime, software applications that use TLS 1.0 must submit a risk mitigation and migration plan to remain PCI compliant.
Since there are still some browsers on particular operating systems https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers that do not yet support the newer versions of TLS, Wild Apricot will leave TLS 1.0 enabled until the June 30, 2016 deadline. We have submitted our risk mitigation and migration plans to our PCI DSS document provider to ensure that Wild Apricot and its online transactions remain PCI compliant. Click here http://www.wildapricot.com/security-policy-overview to view our most recent compliance report.
Wild Apricot remains committed to the highest industry standards of security to protect the safety of your online transactions.
For more information, contact Wild Apricot support http://www.wildapricot.com/wildapricotcontact .
The Wild Apricot team