Payment Gateways Pushing Ahead with SSl/TLS Transitions Despite PCI SSC Extension
If you process payments for credit cards or PayPal, you may be aware that the Payment Card Industry Security Standards Council (PCI SSC) announced last year that payment applications must transition from SSL and early TLS versions to newer and more secure TLS versions by June 2016.
While the PCI SSC has more recently extended the migration completion date to June 2018 (http://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls), some (not all) individual gateways are still proceeding with plans to disable all versions of SSL and early TLS versions before this date.
Among these individual gateways, PayPal has recently announced that they will “move forward in implementing these security standards this year” (June 2016) despite the PCI SSC extension (https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US). Also, Paymentech previously announced plans to transition to only newer versions of TLS in June 2016 and has recently announced an extension only to December 2016.