Pegboard Payment Gateways Upgrade to TLS 1.2

What is TLS?

TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that an endpoint connected to is actually the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2.
 
Pegboard ODP Web and API connections use TLS as a key component of their security.
 
What is the change? 

Pegboard’s Payment Gateways are requiring an upgrade to TLS 1.2. Below is the list of Pegboard Payment Gateways with their deadline dates for the upgrades that we aware of.
 
Gateway Name
Date
Date Status
 
Links
Comments
AnzVpc
1st Sept 2017
Tentative
 
1.1 and 1.2 (1.2 highly recommended)
AnzVpc3Party
1st Sept 2017
Tentative
 
1.1 and 1.2 (1.2 highly recommended)
BendigoVpc
1st Sept 2017
Tentative
 
1.1 and 1.2 (1.2 highly recommended)
BendigoVpc3Party
1st Sept 2017
Tentative
 
1.1 and 1.2 (1.2 highly recommended)
CommWebVpc
1st Sept 2017
Tentative
 
1.1 and 1.2 (1.2 highly recommended)
CommWebVpc3Party
1st Sept 2017
Tentative
 
1.1 and 1.2 (1.2 highly recommended)
CommWebHostedSession
1st Sept 2017
Tentative
     
Eway
28th August 2017
Confirmed
 
Coming August 2017:  eWAY APIs will only accept TLS 1.2 connections
NABTransactHosted
 
Not Found
     
PayPalExpress
30th June 2017
Confirmed
 
1.2 only
PayPalStandard
30th June 2017
Confirmed
 
1.2 only
PayWay
9th Oct 2017
Confirmed
 
1.2 only
PayWayNet
9th Oct 2017
Confirmed
 
1.2 only
PXPay
31st Oct 2017
Confirmed
 
1.2 only
PXPost
31st Oct 2017
Confirmed
 
1.2 only
SecurePay
Late 2017
Confirmed
 
1.2 only (Page 7 of PDF)
StGeorge
 
Not Found
     
 
How will customers be impacted? 
If your Pegboard Payment Gateways are not upgraded, any inbound or outbound connections which do not rely on TLS 1.2 will fail.
 
How can customers avoid a service disruption?
To avoid disruption, you must ensure that your website is hosted on a server which supports TLS 1.2. Microsoft servers on version 2008/R2 onward supports TLS 1.1 and TLS 1.2. If you are on server with an earlier version you may need to transfer your sites on to a different server. Please note that the AccsysIT hosting supports TLS 1.1 and TLS 1.2. For other hosting companies, you will need to check.
 
Additionally, you will need to upgrade your Pegboard ODP website(s) for version 6.5 to release 6.5.1707.1790 onward OR for version 6.1 to release 6.1.5.100. This will force the support of TLS 1.1 and TLS 1.2 protocols.
 
For Pegboard Partners and Developers, this can be done using Pegboard Management Tool.
 
For Pegboard Direct Clients, this will be coordinated with you and has most likely already been completed.
 
If you require assistance from Pegboard to upgrade your sites please contact support@pegboard.com.au for advice or to organise for this additional work to be completed. The cost of upgrading a site to the latest release for it’s given version and perform a full audit and test is $280ex gst per site.
 
Another related article to security:
Have you secured your site to avoid Insecure warnings in browsers? Read more by using the below URL.