Security is at the heart of what we do at Judopay and as a result we ensure we’re always staying on top of the latest industry-wide security updates & changes, like PCI.
What is happening?
As you may be aware by now the PCI Security Council released the PCI-DSS 3.1. The main change related to the deprecating of TLS 1.0 & SSL 3.0 as recognised secure protocols. As stated in our previous emails this means that there are a few mandatory updates you need to be aware of.
From October 20th any connection (App/Web/API) to Judopay that is not using the following will not be able to process live transactions.
What do I need to do?
Please ensure that you are using TLS 1.1 onward as a cryptographic protocol to effectively communicate with Judopay’s systems with both sandbox and live environments.
Please ensure that you have implemented the SHA-256 certificate to ensure the communication between both sides are well protected against cryptographic attacks.
Web payments & Web payments API
If you’re using our Web payments solution or have integrated using our Web payments API make sure you’re using the latest major version of our API (5.0+) and your are pointing to the correct endpoint (https://gw1.judopay.com/). Both settings are listed in the transaction header declaration before the payment request.
If you’re using any of our SDKs please ensure that you are using:
• iOS SDK (Kit ObjC and Kit Swift) version 6.0 or newer
• Android version 5 onward
• Xamarin version 2.3.0 or later
• .NET SDK 1.1.113 or newer
These SDKs can be found on Github.
If you would like to test these changes our sandbox environment is currently updated with the above changes.
If you require any support with this migration please contact email@example.com.
‘Aaarghh – why are they asking me for all this, all I want is to pay!’
I am often heard growling something along those lines (swearing omitted), when I try to complete a payment from my phone.
As the UX lead at Judopay, when faced with poor checkout experiences – that, I some years ago might have accepted as the painful way of things – now invoke similar reactions in me as when my older relatives are having ‘computer problems’, blood pressure included. Read more
For the best part of the past ten years, I’ve been a software developer, with the majority of that time building .NET applications. Microsoft has a platform that enables languages such as C# to be incredibly powerful, constantly evolving, and expressive, yet easy to read and follow. Technologies such as ASP.NET MVC, WebAPI and EntityFramework remove much of the complexity from the developer, allowing them to concentrate on their primary tasks — building and releasing software.
Recently, I was given the opportunity to cross-train, learn and contribute to judo’s iOS native SDKs. Given the above, I surprised myself with how quickly I jumped at the chance. I’ve been working with the SDK team for just over a month now, below are some initial thoughts from my jump to the ‘other’ side.
Judo participated at Xamarin Evolve this year in Orlando. Since Microsoft’s acquisition of Xamarin, this space has gotten hotter so we decided to be in the midst of the action and leverage the hard work we have done thus far on this platform. Below I interview Janice and Luke, who represented judo at Evolve, to capture their thoughts from the event.
What did you think of the Keynote?
Luke: I really enjoyed it, I think it just shows the strength of the platform that, even with Build a month earlier lifting the veil on a lot of .NET news and Xamarin’s big bombshell for the year, they had a lot to talk about. I liked Miguel’s presentation better but that’s just cause he got to hand out all the developer goodies.
Janice: I thought it was a really well structured delivered keynote, it set the tone for the rest of the conference, strengthened the case for cross-platform native development, and addressed the implications of the recent acquisition head on. The whole theme of end-to-end DevOps lifecycle management gave context and framed the new features announcement nicely. Also, the slides were beautiful, big kudos to their design team, I was mesmerised by the color palette!
After launching in the US last year, Android Pay™ is finally coming to the UK. It has enormous potential to make 2016 a very significant year for mobile payments. Android has a 51.9 %* market share in the UK which means millions of Android users will now be able to pay for things quickly and securely with just a single tap, whether in-store or in-app.
We have come a long way from the 4.1 iOS Objective-C SDK. Since the release, we have introduced our new collection of Swift SDKs, judoSwift, which simplified the communications with judo’s REST API, and paved the way for the feature rich judoKit. Our kit contains out-of-the-box functionalities like Address Verification System (AVS), 3D Secure, and other input verifications necessary for submitting card information for payments and other transactions. Together with our mobile-specific fraud prevention judoShield module, we provide the perfect basis that makes accepting transactions easier, simpler, and more secure.
In our pursuit to make payments in apps even more secure, and due to changes in PCI’s security standards, we are phasing out some older versions of our tech. This means you might need to upgrade to our latest SDKs by the 20th October 2016.
This guide will walk you through the steps needed to upgrade your app to the latest SDK.