Maintenance and Service Interruption Alerts
6/11/2018 3:30 pm EDT
TLS 1.2 PCI Compliance
At 1 PM EDT on Friday, June 1, 2018, Paya turned off all communication to our services that use TLS 1.0 protocol standards. These actions were taken to comply with the PCI Security Standard Council mandated deadline to mitigate vulnerabilities in earlier SSL/TLS standards. We apologize for any impact this may have had on your business.
In order to help our customers and partners, we are allowing TLS 1.0 or greater protocol communication until June 25th. Extending this deadline will allow more time to complete the necessary updates. Without making the necessary updates to comply with TLS 1.1 or 1.2 standards by June 25th a failure in the ability to process payments will be experienced.
It is vital that our customers and partners continue working on being TLS 1.1/1.2 compliant. If you encountered an inability to process payments between June 1st and June 6th you need to take action immediately.
If you were unable to process payments using a software solution, please contact your vendor to discuss how your software is currently leveraging TLS. Your vendor may suggest possible upgrades to those solutions to ensure that you can use the TLS 1.2 protocol.
If you are hosting your solutions, you will need to enable TLS 1.1 and 1.2 security protocols on your servers and workstations. The minimum operating systems that support TLS 1.1 and 1.2 options are Windows Server 2008 R2, and Windows 7. Please ensure that all updates and patches have been applied. If you are using Linux, please check the Open SSL changelog for the version of your Linux OS that will support TLS 1.2.
For further detailed information about the transition for TLS 1.2, please review this article from the PCI SSC.
For Guideline on selection, configuration and use of TLS implementations, please review this help document from National Institute of Standards and Technology.
For more information about how to enable TLS 1.1 and 1.2 for Windows operating systems, please refer to this link. Paya has built a program that simplifies the necessary Registry Edits mentioned in the Microsoft article; please click here for more information.
Paya has created a page to keep you up to date with the most current information. Please visit paya.com/tlsinformation throughout the process for ongoing communications, updates, and solutions.
As always, Paya is here to support our customers. Should you need further assistance, please contact Customer Support at 800-261-0240.
Sage Software Solutions
Any software solution not listed above; we can still help with your needs.
If you are unsure of how your Software solution integrates to Paya's payment processing, please contact your Vendor for assistance in identifying your method of integration.