Clients utilizing the SecurePay payment gateway may have received an email with the following content:
Dear Customer,
Due
to identified vulnerabilities affecting the Secure Socket Layer (SSL)
3.0 encryption protocol, SecurePay
will be removing support of this protocol across all APIs and websites.
Although the identified vulnerability is difficult to exploit, to
protect users we will be disabling SSL 3.0.
What is the impact of this change?
Once SecurePay disables SSL 3.0 encryption, all websites and platforms
which connect to SecurePay will need to use TLS 1.0 Encryption (or
higher). This includes all API connections, web-based interfaces such as
Direct Post and SecureFrame, and internet browser
connections to the SecurePay website and merchant login.
What do I need to do?
We have been advising merchants via their merchant login of the change
since December 2014 so you may have already acted on this change,
however we encourage all SecurePay customers to check with their web
developer or shopping cart provider to ensure a supported
encryption protocol is being used.
This change will come in effect on Tuesday 17th Feb at 3pm (AEST).
We anticipate minimal impact to customers from this change, however if you have any questions please contact
support@securepay.com.au.
Kind Regards,
SecurePay Support Team
Level 3/34 Queen St Melbourne 3000
P
1300 786 756 | F 03 9629 5550
At this time when Pegboard communicates with the SecurePay payment service (using Direct Post) the system will negotiate the
highest level of security supported by both the server running the Pegboard application and the SecurePay server. In this particular case, TLS is already being used by all servers which support it.
TLS has been actively supported by the Windows Server operating system since Windows Server 2003. This change should not affect any websites utilizing this particular gateway.