Answers to 7 Common Questions About Upgrading to TLS 1.2

There has been a lot of information coming out about TLS lately, and it can be hard to keep up. Even technical folks are sometimes confused. Have you found yourself wondering exactly how it affects your business, and what you need to do to secure your e-commerce site and your customers’ payment information? In this article, I’ll answer some of the most common questions we hear about TLS 1.2 and how it could impact your ecommerce site.

In this article, I’ll answer some of the most common questions we hear about TLS 1.2 and how it could impact your eCommerce site.

For a more in-depth look at what is involved in the process of updating your site for TLS 1.2, including the exact connections and systems involved, download our free eBook “Understanding TLS 1.2: How To Ensure That Your eCommerce Site Is Secure”

#1. What exactly is TLS anyway?

TLS stands for “Transport Layer Security.” It is the security protocol that allows computers to communicate over the internet securely, without the transmissions being vulnerable to anyone they aren’t intended for. Without TLS, you wouldn’t be able to use your credit card on eCommerce sites or log into your bank account online.  

#2. Why Is TLS 1.2 necessary?

Due to several weaknesses found in TLS 1.0, many websites and internet services are now starting to require the use of TLS1.2.  The latest PCI compliance standards require that any site accepting credit card payments use TLS 1.2 after June 30th, 2018*.  Even though you have some time before it is required for PCI compliance, several internet services are moving to require the support of TLS 1.2 as early as next year.  Services such as PayPal, Authorize.net, Stripe, UPS, FedEx and many others already support TLS 1.2 and have indicated that they will eventually refuse TLS 1.0 connections.  The dates for when they will refuse TLS 1.0 connections are not clear, but your safest action is to upgrade to TLS 1.2 sooner than later.

#3. What are the consequences if I don’t upgrade to TLS 1.2?

First and foremost, your customer’s data is at risk.  In the event of a data breach, consequences for not being PCI compliant can include fines and your merchant bank can terminate your ability to process credit cards.

Second, crucial functions on your website will stop working overtime as the services your website uses require TLS 1.2.  This means that your payment processing and real-time shipping rates could stop working at some point over the next year if you don’t address it.

#4. How can I tell if my site is vulnerable?

If you use a hosted eCommerce solution like Weebly® or Shopify®, you are most likely already protected.  However, if you use a third party or a custom-built eCommerce solution, then you will need to verify that you are protected.

Some examples of third party eCommerce solutions are AspDotNetStorefront, Magento, ZenCart, and Episerver, among many others.  These eCommerce solutions are typically either self-hosted or hosted by the implementer that created or is responsible for the application. If you are responsible for an eCommerce application, check out the flowchart in our eBook to determine if you are using outdated encryption.

#5. I updated our SSL certificate. Isn’t that good enough?

No.  Your SSL certificate is only handled incoming traffic to your web server, it doesn’t address calls your web server is making to other services.

#6. What do I need to do to ensure that my site is compliant?


Unfortunately, this is not a simple answer. There are several variables and a number of systems and software platforms involved. Every business has a different configuration, and there is no easy set of step-by-step instructions that will work in all cases. 

At a high level, you will need to ensure that the following platforms and connections are compatible with TLS 1.2:

  • Web Server
  • Internet Information Services (IIS)
  • .NET Framework
  • eCommerce Application

You may also need to look at the compatibility of the browsers you support for your users as well as any web services involved in your payment and fulfillment process. Our “Understanding TLS 1.2” eBook goes into greater detail on these systems, including a technical walk-through of a security upgrade.

#7. Will we have to update our eCommerce software platform? Or is there a way to patch what I have today?

It depends on your eCommerce software platform.  The great news is that for AspDotNetStorefront users we have a pre-built solution for you that you can use without needing to upgrade.  Contact us to learn more.

Ultimately, updating to the latest security protocols protects you, your users, and your reputation. 

We are here to help! Grab our free eBook for more information. Or, if you would like to talk to someone directly, set up a free consultation and we’d be happy to go over your specific situation.

*https://www.pcisecuritystandards.org/pdfs/15_12_18_SSL_Webinar_Press_Release_FINAL.pdf, Retrieved 2016-07-11

 

Related Articles