SIMS Pay Support for TLS 1.0 and 1.1
The security of customer information is one of our highest priorities. To make sure we stay ahead of potential security risks, we are making updates that will protect the security of our service.
This article is intended for SIMS Pay Technical Integrators. (Cashless Caterers)
What are we doing?
In line with The Payment Card Industry Security Standards Council (PCI SSC) guidance, we have previously removed support from our Applications for TLS (Transport Layer Security ) 1.0 and 1.1 calls. This may have impacted customers using Legacy and unsupported browsers but would have been most unlikely to impact cashless caterers.
The next phase is to cease to support back end (API) calls. TLS 1.0 and 1.1 calls from 30th June 2020. It will continue to support TLS 1.2 calls.
This may impact cashless caterers if their calls are not made over TLS 1.2 or later.
Why are we doing this?
There are many serious vulnerabilities in SSL and early TLS. The widespread POODLE and BEAST exploits are just a couple examples of how attackers have taken advantage of weaknesses in SSL and early TLS to compromise servers and systems.