By: John Pearson
January 04, 2016 07:58 PM
Do you lock your car? If there were a recall on your car locks, would you take it to the dealership to be fixed? I know I would – especially if anyone could gain access. Well, the Internet has the equivalent of a recall. The security of Internet communications has a flaw that could allow anyone to gain access to data – banking data, credit card data, employee data. Any data processed over the Internet by you and your business is at risk.
Since the early days of the Internet, secure communications have been made using a protocol called Secure Sockets Layer (SSL). This is the protocol used by your web browser when you do things like online banking or shopping on Amazon.com. It's the thing that gives you that "HTTPS" initialism at the front of a URL in your web browser's address bar (e.g. https://www.ncr.com/). It makes sure that the data you send over the Internet is encrypted so others cannot read it. And yes, it's broken!
The good news is there is a fix! The fix is a new protocol called Transport Layer Security (TLS), and you will need to start using version 1.2 prior to July 2016 – much sooner for online banking and for those who deal with HIPAA-related systems. The credit card brands and the PCI SSC have mandated that merchants, processors, and POS providers move to TLS 1.2 by July 2016. Unfortunately, not all web browsers and not all operating systems will support TLS 1.2 – for example, Windows XP is not supported – so you will need to verify your systems as soon as possible. The PCI SSC has provided some guidance which can be accessed here.
To check your systems to make sure they are up-to-date and support TLS 1.2, you can simply visit https://www.howsmyssl.com/, which will inform you of your system's status. Please contact your NCR representative for upgrade options and further information should you find that your systems are affected and need to be addressed.
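For systems without a browser, such as a back-office server or a script host, the same check can be scripted. The following Python sketch is an added example, not NCR or PCI SSC code: it reports whether the local Python/OpenSSL build supports TLS 1.2 and which protocol version a server actually negotiates when the client refuses anything older. The function names are illustrative, and the only host used is the test site named above.

```python
import socket
import ssl

# Protocol names as returned by SSLSocket.version(). Anything older than
# TLS 1.2 (SSLv3, TLSv1, TLSv1.1) fails the floor described in the article.
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}


def local_tls12_support():
    """Report what the local Python/OpenSSL build is able to speak."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "tls1_2": ssl.HAS_TLSv1_2,
        "tls1_3": ssl.HAS_TLSv1_3,
    }


def strict_client_context():
    """Client context that verifies certificates and refuses < TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_acceptable(version):
    """True if a negotiated protocol name meets the TLS 1.2 floor."""
    return version in ACCEPTABLE


def negotiated_version(host, port=443, timeout=5.0):
    """Connect to host and return the protocol version actually negotiated.

    Raises ssl.SSLError if the server cannot offer TLS 1.2 or newer,
    because the strict context will not fall back to older protocols.
    """
    ctx = strict_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    print(local_tls12_support())
    # Needs network access; www.howsmyssl.com is the site named in the article.
    version = negotiated_version("www.howsmyssl.com")
    print(version, "OK" if is_acceptable(version) else "UPGRADE NEEDED")
```

An `ssl.SSLError` from `negotiated_version` against one of your own servers means that server could not complete a TLS 1.2 or newer handshake with this client and needs attention.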
It is very important to upgrade! If you do not, criminal hackers could potentially access credit card data processed by your POS. Employee data processed by your HR or payroll systems could be leaked. And processing of online banking, credit cards, and the like could come to a complete halt as websites and providers such as NCR drop support for the broken protocols that precede TLS 1.2.
For the same reasons you would not drive a vehicle which had a serious recall, you should not delay the review of your computer systems to ensure they are up-to-date and using TLS 1.2. I encourage you to act today and to be safe!