We are mostly living in a digital world now. Entertainment, communications, work, and yep, shopping – just think of each facet of your life that you do online these days.
For most people, online shopping is probably one of the best things about this online revolution. It’s so much easier to find the best prices, compare products and brands, and purchase whatever you need right from the comfort of your own home.
But of course, online shopping has its share of security risks. This is why it’s important that you keep your browsers and apps updated with the latest security protocols.
In a few days, you won’t have a choice anyway. With the death of two outdated TLS protocols, you might get locked out of online shopping if you don’t update!
Read on and learn why this change is mandatory and why it needs to happen soon.
What is TLS?
TLS stands for Transport Layer Security. It’s an internet security protocol that ensures the privacy and integrity of the communications between a website and your browser or app.
It does this by encrypting and authenticating the data so snoops can’t intercept sensitive information like your usernames, passwords, and credit card numbers.
As such, TLS is used by online shopping sites and payment portals to secure credit card transactions over the web.
Notice that little padlock on the address bar when you visit a website? That usually means that your communications are secured by security protocols like TLS and SSL and your data is safe.
However, in the next few days, the oldest versions of TLS (1.0 and 1.1) are saying bye-bye.
This means online merchants are required to upgrade to TLS 1.2 and HTTP/1.1 soon.
You too will have to update your browser too or risk getting locked out of online shopping websites that make the required switch.
“Die, Die, Die”
So what’s the deadline before TLS 1.0 and 1.1 finally kick the bucket? Mark your calendars, it’s June 30, 2018, folks!
The Payment Card Industry Security Standards Council (or PCI Council, for short) actually planned on killing off these ancient TLS protocols way back in June 2016 but extended the deadline to prevent wide-scale disruption.
Note: The PCI Council is responsible for managing the security guidelines for payment card systems around the world.
Why do these protocols have to go away, anyway? For one, they’re really outdated. TLS 1.0 dates back to 1999 and TLS 1.1 was introduced in 2006. In the tech world, that’s eons ago.
And since they’re ancient, they are already filled with known (and unknown) security holes that hackers are always willing to exploit.
The push for the retirement of TLS 1.0 and 1.1 is so strong that this internet draft paper, penned by Dell EMC’s Kathleen Moriarty and Trinity College Dublin’s Stephen Farrell, had the words “die, die, die” in its URL.
What happens next?
Thanks to the the two-year extended grace period, the transition shouldn’t be as disruptive anymore. The paper stated that the usage of TLS 1.0 and 1.1 are already very low and will decline further as the June 30 deadline approaches.
The paper also stated that most major internet services like 3GPP 5GCloudFlare, Amazon and GitHub have already either stopped using these protocols or will totally kill them off by July.
In line with the changes, PayPal also sent a notice out to its partners and merchants reminding them to upgrade to TLS 1.2 and HTTP /1.1. by June 30. Failure to do so means that they won’t be able to process card payments anymore.
What do you need to do?
And so, here we are. TLS 1.0 and 1.1 will be forever banished from online payment systems.
As a consumer, you shouldn’t really have to do anything except make sure that your browser of choice is updated come June 30. If merchants employ the TLS requirements before the deadlines, you shouldn’t see any major disruptions – it will be business as usual.
Do you want to quickly see if your browser needs updating? Click here to find out how.