Worldpay is postponing our previously communicated planned date for removing support for SSL and TLS 1.0, and we will now make this change on 21 May 2018. This is to give customers more time to test and deploy these changes.
Payment Card Industry rules will require Worldpay to withdraw support for these legacy encryption methods. These rules affect all Payment Service Providers:
We're making these changes in advance of the PCI DSS deadline of 30 June 2018. We're required to make these changes to ensure that we process your customers'card details securely. The encryption methods we’re withdrawing are Secure Sockets Layer (SSL) and Transport Layer Security (TLS) version 1.0.
We recommend passing this message to the technical team who manage your connection to Worldpay, they are best placed to advise you on what you’ll need to do.
Why are we making these changes?
To ensure that our industry uses the highest levels of security, the PCI Security Standards Council has mandated that strong cryptography - Transport Layer Security v1.1 (TLS v1.1) or above, is used wherever payment card information is sent or received.
Transport Layer Security is a secure protocol used to communicate over computer networks. It replaces Secure Sockets Layer (SSL), the most widely-used encryption protocol for twenty years which remains in widespread use today.
Since its development in 1999, TLS v1.0 has been superseded by TLS v1.1 and TLS v1.2.
SSL and TLS v1.0 are no longer regarded as strong cryptography, and can no longer be used to transmit payment information securely to our gateways.
What you need to do
You will need to support TLS v1.1 or above for your payment submissions by 21 May 2018. We strongly recommended TLS v1.2, as not all implementations of TLS v1.1 are considered secure.
Please make a test payment through your payment pages, including your Hosted Call Centre, or Virtual Terminal (Worldaccess).
If you use our High Capacity Gateway, we have created a test environment that only supports TLS 1.1 or higher to let you test the changes. You can either test https://test1.wpstn.com/stlinkssl/stlink.dll?StringIn=version in a browser, or send a test transaction to https://test1.wpstn.com/stlinkssl/stlink.dll, both of which will provide a response.
If you have issues making a test payment, please follow the steps below:
Once you’ve upgraded to support at least TLS v1.1:
The effect on your customers
Following the update, shoppers will also need to support TLS v1.1 or higher to enter secure card details. This means that if shoppers use an older internet browser (Internet Explorer or other browsers on Microsoft Windows XP and Vista) they may not be able to access your payment pages.
You may wish to use a detection script on your website to see what encryption protocol your customers are using.
The following script is an example only, Worldpay cannot take responsibility for the use of content found on third party Web sites outside its control:
Find out more
Please speak to your Worldpay support team for more information about these changes.
PCI changes on 21 May 2018