The PCI Security Standards Council says it was necessary to extend the migration window due to 'a lot of business issues.'
December 29, 2015
In response to "significant feedback" from the PCI community and security experts, the Payment Card Industry Security Standards Council has extended its deadline for payments industry providers to migrate to TLS 1.1 (or higher) encryption. The date has been changed from June 2016 to June 2018, a press release said.
The original deadline appeared in the PCI Data Security Standard version 3.1, which the council published in April 2015. An updated version of the standard, expected in 2016, will use the new date.
"Early market feedback told us [that] migration to more secure encryption would be technically simple, and it was," said PCI SSC General Manager Stephen Orfei. "But in the field, a lot of business issues surfaced as we continued dialog with merchants, payment processors and banks. ...
"The global payments ecosystem is complex, especially when you think about how much more business is done today on mobile devices around the world. If you put mobile requirements together with encryption, the SHA-1 browser upgrade and EMV in the U.S., that's a lot to handle. And it means it will take some time to get everyone up to speed. We're working very hard with representatives from every part of the ecosystem to make sure it happens before the bad guys break in."
According to PCI SSC CTO Troy Leach, additional provisions of the PCI DSS will also change to ensure that new customers are outfitted with the most secure encryption.
In addition to the migration deadline update, changes to other aspects of the standard include:
A webinar recording provided by the PCI Security Standards Council provides additional information, as does the council's "Bulletin on Migration," which can be downloaded from the PCI SSC website.