One of our churches is using Authorize.net for their online giving and they recently received this letter from Authorize.net – it seems that Paypal recently announced the same thing.
Important TLS Disablement Notice
Your Payment Gateway ID: 1185301
Dear Authorize.Net Merchant:As you may be aware, new PCI DSS requirements state that all payment systems must disable early TLS by 2018. Transport Layer Security (TLS), is a technology used to encrypt sensitive information sent via the Internet. TLS is the replacement for Secure Sockets Layer (SSL).
In preparation for this requirement, Authorize.Net plans to disable TLS 1.0 and TLS 1.1 on the following dates:
Production: September 18, 2017Letter sent to customers of Authorize.net
Since we are using the Gravity Forms add-on for Authorize.Net, I contacted them to make sure they had support for this in their plugin. They did, but they told me the real issue is whether or not your server supports all the underlying software they need to make the TLS 1.2 secure connection.
And the cool thing is that if you are running a WordPress server, all you need to do is install the “TLS 1.2 Compatibility Test” plugin!
When we ran it on our ChurchBuzz servers we found that our servers were 100% compliant. Here is the screenshot of the results you get with this plugin.
Having a secure website and online payments is critically important. Make sure your web server is 100% secure!
And of course your ENTIRE website must be SSL encrypted (https) as well as Google has told us they want the ENTIRE web to be encrypted! (All ChurchBuzz websites are by default).
Have a great day out there!
Patrick