The Transport Layer Security (TLS) 1.2 deadline will affect organizations that conduct business online.
The TLS 1.2 deadline is rapidly approaching and will affect any organization that conducts business online. To ensure that your business isn’t negatively impacted, you will need to create a plan to adopt TLS 1.2 in advance and ensure that it is working properly.
What is TLS 1.2?
Transport Layer Security (TLS) 1.2 is a protocol that allows digital devices to securely communicate over the internet. TLS 1.2 ensures that online credit card purchases are not vulnerable to hackers. TLS 1.2 is part of the requirements for PCI DSS compliance.
In layman’s terms, TLS 1.2 provides a secret code that masks sensitive information while it is being transmitted. When the data leaves your site and while it is in transit, TLS 1.2 encrypts it. Once it is delivered to the destination website. Upon its arrival, TLS 1.2 unencrypts the data.
TLS 1.2 was launched when PCI determined that hackers have found multiple methods of exploiting TLS 1.0.
Who Needs to Adopt TLS 1.2?
It is federally required that any business that provides health services or conducts business online must adopt TLS 1.2. TLS 1.2 is also beneficial for other businesses, as it protects your customer’s data.
What If You Don’t Upgrade to TLS 1.2?
The consequences of not being TLS 1.2 compliant are threefold:
- Your business will not be compliant with PCI DSS. If your business suffers a data breach while you are out of compliance you will be at risk for fines, termination of the right to process credit card transactions, and loss of business.
- Your customers’ data will be at risk. If customers experience fraudulent activity from using your business, you will not only potentially lose sales, your brand may also be negatively impacted.
- Once the TLS 1.2 deadline passes on July 1, 2018, businesses who do not adopt TLS 1.2 will no longer be compliant. After that deadline, any services on your site the require TLS 1.2 will stop working, which means that your payment processing and shipping will likely stop.
How Should you Prepare your Business for TLS 1.2?
To prepare your business for the TLS 1.2 upgrade and ensure that your online store continues to work, you first need to determine if your site is vulnerable. If you are you using a hosted solution for your eCommerce platform, you are likely already protected. However, if you host your website through a custom platform you will need to conduct further research to learn if you are vulnerable. For custom solutions, review the following:
- IIS, Internet Information Service
- Web Server
- .NET Framework
While the deadline for TLS 1.2 is several months away, it is best to begin the upgrade now. Past upgrades, such as the EMV card implementation, caught businesses by surprise, which resulted in loss of business and increased risk to consumers.