Web to Print – Ecommerce
“SSL has been removed as an example of strong cryptography in the PCI DSS, and can no longer be used as a security control after June 30, 2016.” – PCI Security Standards Council
Dear Valued Customer,
You have been redirected to this page because the browser you are using to access the Web to Print Ecommerce Site was deemed unsafe by the PCI Security Council. Old browsers use older encryption technology such as SSL and early TLS which are no longer considered strong cryptography and cannot be used as a security control after 30th June, 2016.
Your sensitive information is our top priority. You can help keeping our systems secure by upgrading your web browser. You are part of the solution – a united, global response to fighting payment card data compromise. Download the latest browsers here:
Chrome — Firefox — Opera — Internet Explorer
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure.
What is PCI Security Standards Website?
What happened to SSL?
The last-released version of encryption protocol to be called “SSL”–version 3.0–was superseded by “TLS,” or Transport Layer Security, in 1999. While weaknesses were identified in SSL 3.0 at that time, it was still considered safe for use up until October of 2014, when the POODLE vulnerability came to light. With the advent of POODLE (which stands for “Padding Oracle On Downgraded Legacy Encryption”), SSL 3.0 is quickly becoming deprecated, i.e., unapproved for use. Whereas Heartbleed was a flaw in OpenSSL (a software library which implements SSL/TLS), POODLE is a flaw in the SSL 3.0 protocol itself, so it’s not something that can be fixed with a software patch.
Windows Vista/ Windows XP?
TLS 1.0 (The old encryption standard) is used in Vista and XP. TLS 1.1 and 1.2 are not supported on Windows XP, Vista or Server 2003 therefore using newer browsers will be problematic.
Which browsers support TLS 1.2?
As of September 2015, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, and have them enabled by default. However, not all supported Microsoft operating systems support the latest version of IE. Additionally many operating systems currently support multiple versions of IE, but this will change according to Microsoft’s Internet Explorer Support Lifecycle Policy FAQ, “beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates.” The page then goes on to list the latest supported version of IE at that date for each operating system. The next critical date would be when an operating system reaches the end of life stage, which is in Microsoft’s Windows lifecycle fact sheet.