Creditcall is committed to providing secure payment services in line with industry best practice and the Payment Card Industry Security Council's guidance.
TLS V1.0
In July 2015, we issued a bulletin detailing our mandatory timelines for integrators to support TLS V1.2. The timeline for this security requirement was relaxed by the PCI SSC.
In line with PCI SSC requirements, Creditcall requires all new implementations to support TLS V1.2. Creditcall recommend all existing implementations that connect to our platform using TLS V1.0 be updated immediately, as an immediate deadline could be imposed by the PCI SSC.
Triple DES Cipher
Triple DES (3DES) encryption algorithm support for TLS will be dropped on 30th June 2018 on production. While this was not mandated by the PCI Security Council, we believe that this is appropriate in the light of vulnerabilities such as the Sweet32. The cipher has also been downgraded to 'MEDIUM' by the OpenSSL project.
Creditcall Test Platform
Our test platform services already support TLS1.2 with SHA-256 certificates and we have retired the use of 3DES on 31st March 2017. Please test using these systems to confirm that your implementations meet the compatibility requirements.