Sage Pay Notification - TLS 1.2 Security Update
If you use Sage Pay to take payments through SubscriberCRM, on your website or through the SubscriberCRM Portal, then you may have received an email from Sage Pay explaining that they will be changing to use protocol Transport Layer Security 1.2 (TLS 1.2).
This change is being made to ensure the highest levels of security are being used. The PCI Security Council sets the rules on which technologies are acceptable for use in sending cardholder data. They have identified TLS 1.0 or 1.1 as no longer acceptable.
What is TLS?
When the hosting server connects to a Sage Pay server to process a transaction, Transport Layer Security (TLS) protocol encrypts the communications to keep them safe from malicious activity.
What will you need to do?
You do not need to do anything. We will be making the development changes in the background to ensure that TLS 1.2 is being used. This will not cause any disruption to your website or SubscriberCRM Portal and there will not be a charge to you for this development work.
When will the changes happen?
Sage Pay will enforce protocol TLS 1.2 from Saturday 31 March 2018.
We will be rolling out the relevant changes over the coming weeks in time for this deadline.