TLS 1.0 PCI Compliance

Overview

This article will discuss how you might be affected by the removal of TLS 1.0 in the updated PCI Compliance Standards.

What Is TLS 1.0?

TLS 1.0 is a standard for encrypting data that is communicated between a computer and a server on the internet. Encryption keys provided by your SSL certificate provide the means to encrypt and decrypt the information. It is often used by websites that take Credit Card payments or hand other sensitive information that you wouldn't want plainly available. When information is encrypted, it is far less likely to be stolen. This is because a hacker will have to decrypt the information being communicated.

TLS 1.0 is one method, out of many, used to facilitate encrypted communication. Encrypted communication is required by the Credit Card industry before any business can accept Credit Card transactions.

What Is PCI Compliance?

PCI stands for Payment Card Industry. To be PCI compliant is to conform to the Payment Card Industry Data Security Standard or PCI DSS. You must be PCI compliant before you can accept Credit Card payments. Unfortunately, TLS 1.0 encryption is now considered too weak and will be removed as an acceptable encryption method for PCI Compliance. This means anyone relying on TLS 1.0 may lose PCI Compliance and no longer be able to process Credit Card transactions.

What To Do

To avoid issues with TLS 1.0

Just Host will remove TLS 1.0 support from our system before the cutoff date. If your Compliance Scan Vendor indicates you are not compliant you will need to contact them.
Keep your web browser up to date. Browsers that do not support encryption methods newer than TLS 1.0 may no longer work on encrypted pages.

Knowledgebase Article