As of January 2018, the National Institute of Standards and Technology (NIST) has mandated that all merchants and their customers must be updated to TLS 1.2 and SHA-2 encryption standards to accept and process credit cards. Failure to switch will not result in a change of reliability, however, it will result in a complete disruption of service.
Who is the NIST?
The National Institute of Standards and Technology (NIST) is encharged by the U.S. government to create, set and enforce Internet security protocols. When security protocols are created or updated by the NIST, they are first adopted by government institutions and then followed by public companies.
What is TLS 1.2 and SHA-2?
Transport Layer Security (TLS) and the Secure Hash Algorithm (SHA) are the primary protocols and tools for encryption security. The industry standard from 1999 to 2017 has been TLS 1 and SHA-1. During this time frame, every merchant service provider had to offer products and services up to TLS 1 and SHA-1 standards. With multiple high-profile attacks in the past few years, the NIST has made the decision that the previous data encryption standards no longer fit their level of security. From this, the NIST has updated its encryption security protocols to TLS 1.2 and SHA-2. In doing so, every merchant and customer must now update the way they accept credit cards to meet these standards.
What does this mean for my business?
Deadlines for TLS 1.2 and SHA-2 compliance are subject to each merchant service provider but must be completed by June 30, 2018. As a business owner, new or existing, the responsibility is on you to provide your customers with methods of payment that meet these encryption standards. That means using the appropriate encrypted hardware, provided by a trusted and approved merchant service provider. In most cases, this will also require you to upgrade your POS software.
How can I become TLS 1.2 and SHA-2 compliant?
If you're a POS Nation customer, the easiest and most secure way to upgrade to TLS 1.2 and SHA-2 compliance is by contacting email@example.com. Approved and supported by Vantiv, POS Nation is certified to provide payment and technology services that meet industry standards.