Transport Layer Security PaySpace
Transport Layer Security 1.0
Important notice to all users regarding PaySpace Transport Layer Security. Please read!
What is TLS?
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2.
The PaySpace application and API connections use TLS as a key component of their security.
What is the change?
PaySpace is requiring an upgrade to TLS 1.1 or higher on the 1st July 2018, with no extension possible. On this date, we will disable the TLS 1.0 encryption protocol (which has security vulnerabilities) in order to align with industry best practices for security and data integrity. The vulnerabilities in TLS 1.0 have been addressed in TLS 1.1 and higher.
How will customers be impacted?
After PaySpace disables TLS 1.0, any inbound connections to or outbound connections from your organisation that rely on TLS 1.0 will fail. This will impact accessing the PaySpace application for all users.
Why is this happening?
At PaySpace, Trust is our #1 value and PaySpace is focused on continually helping our customers improve their security by using the latest security protocols. Beginning 1 July 2018, PaySpace will require TLS 1.1 and later encryption protocol in an effort to maintain the highest security standards and promote the safety of customer data.
How can customers avoid a service disruption?
The action required by your organization will depend on which channels (Internet browser or API integrations) are used to access the PaySpace services. Please see the relevant topic below for more info and testing options to ensure there are no issues.
How to test your browser compatibility:
If you are able to view this test site (Click Here) – which has TLS 1.0 disabled – without errors, access to PaySpace via your browser should not be impacted by this change, and no action is required.
API Integrations are interfaces or applications that have been written to consume the PaySpace Web Services. If you have any API Integrations, please ensure that the TLS 1.1 and/or TLS 1.2 encryption protocols are enabled in those integrations. We have disabled TLS 1.0 in our test environment so that you can conduct your testing. The URL’s for the test environment are contained within each respective web service specification – kindly contact our support desk if you require any of the specifications to be sent to you.
If your integrations that use inbound connections to PaySpace do not have TLS 1.1 and/or TLS 1.2 enabled after 30 June 2018, your integrations may experience disruption. We recommend that you begin planning to support TLS 1.1 and TLS 1.2 as soon as possible.