SecurePay SSL Changes

Clients utilizing the SecurePay payment gateway may have received an email with the following content:

Dear Customer,
Due to identified vulnerabilities affecting the Secure Socket Layer (SSL) 3.0 encryption protocol, SecurePay will be removing support of this protocol across all APIs and websites. Although the identified vulnerability is difficult to exploit, to protect users we will be disabling SSL 3.0.
What is the impact of this change?
Once SecurePay disables SSL 3.0 encryption, all websites and platforms which connect to SecurePay will need to use TLS 1.0 Encryption (or higher). This includes all API connections, web-based interfaces such as Direct Post and SecureFrame, and internet browser connections to the SecurePay website and merchant login.
What do I need to do?
We have been advising merchants via their merchant login of the change since December 2014 so you may have already acted on this change, however we encourage all SecurePay customers to check with their web developer or shopping cart provider to ensure a supported encryption protocol is being used.
This change will come in effect on Tuesday 17th Feb at 3pm (AEST).
We anticipate minimal impact to customers from this change, however if you have any questions please contact support@securepay.com.au.
Kind Regards,
 
SecurePay Support Team
Level 3/34 Queen St Melbourne 3000
P 1300 786 756 | F 03 9629 5550


At this time when Pegboard communicates with the SecurePay payment service (using Direct Post) the system will negotiate the highest level of security supported by both the server running the Pegboard application and the SecurePay server. In this particular case, TLS is already being used by all servers which support it.

TLS has been actively supported by the Windows Server operating system since Windows Server 2003. This change should not affect any websites utilizing this particular gateway.