Important Notice for Customers - Payment Cloud Improvements

Date WEDNESDAY, 25 MAY 2016


CRITICAL - ACTION REQUIRED - Please cascade to operational areas, IT or Web Development team as appropriate

Payment Express wishes to advise clients and partners, as a preventative measure the Secure Sockets Layer (SSL) protocol will be disabled on all front-end web servers. The way SSL ciphers encrypt traffic could potentially allow attackers to decrypt information.

This change is in response to the "Poodle" ("Padding Oracle") cyber-attack recently uncovered. The attack exploits SSL which could allow for encrypted data to be revealed.

Google's security team discovered a vulnerability in SSL version 3.0 http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html in October 2014. Historically SSL was supplanted by TLS and the current version is 1.2, but older systems fall back to using SSL 3.0 for compatibility. This is a design flaw in SSL/TLS and there is no patch to fix the bug. Instead, most organisations are disabling support for SSL 3.0, a protocol which is old and deprecated. Many of our business partners may still be using systems that rely on SSL 3.0, we request that these systems be configured/upgraded to support TLS.

Targeted Date & Time for Implementation

Questions

If you have any concerns or queries regarding these changes, please, contact our Support team:

US 1 877 434 0003

UK 0800 088 6040

NZ 0800 729 6368

AU 1 800 006 254

Email: support@windcave.com

For further information please download our infosheet here