TLS 1.0 - End of Life
by PCI Booking
by PCI Booking
On June 30, 2018, TLS 1.0 (an older security protocol used on SSL secure web pages) passed the deadline of when the PCI Council considers it obsolete and a PCI violation.
You can read more details on the PCI Council blog post.
In order to comply with all PCI-DSS 3.1 guidelines, PCI Booking ceased support of TLS 1.0 (an older version of SSL) on June 1st, 2018.
Since this date, three types of connections have been affected in PCI Booking. The following table describes how PCI Booking addressed each one.
1. Inbound connections to PCI Booking’s API from customers:
2. Outbound connections established from PCI Booking to third parties (used in the Tokenization In Response and Token Replacement methods):
3. Inbound connections to PCI Booking’s gateway from third parties:
PCI Booking brings all the benefits capturing, storing and processing of credit cards, all while shielding your infrastructure from ever directly handling any complete credit card data.
With PCI Booking’s expertise in PCI DSS Level 1 compliance solutions, your customers can rest assured that their payment data will remain safe and secure.
We recommend that you review your system and check if you are choosing a specific security protocol when sending requests to PCI Booking. If you are, we suggest that you begin work to change this behavior to use TLS 1.2. If you are not setting a specific security protocol, we recommend that you check with your infrastructure / network team to ensure that your server is configured so that TLS 1.0 is disabled.
Please note, you will still need to take the necessary steps to ensure that your entire system (unrelated to PCI Booking) is also configured with TLS 1.0 disabled.
Yes. Since January 15th 2018, PCI Booking has disabled support of TLS 1.0 on our pilot environment. This enables you to send requests to the pilot environment and confirm there are no issues with submitting requests. This change also included our test gateway sites.
Since the pilot environment is separate from the production one, you will need a new account in order to access the pilot system. Please contact our support and we will be happy to assist you in setting up a pilot account.
Once your account is set up, all you will need to do in order to use the pilot system is simply provide the API key for this new account and change the URL for PCI Booking to be https://service-pilot-tls.pcibooking.net/….
If you would like to test the gateway, simply use the test endpoints provided to you in the past by our support staff. If you are unsure of the endpoints or you would like to create a new one, please contact our support and we will be happy to assist in setting up or retrieving the gateway endpoint.
Sign up to our newsletter to stay informed about PCI compliance news, and updates regarding new PCI Booking features.