Security is at the heart of what we do at Judopay and as a result we ensure we’re always staying on top of the latest industry-wide security updates & changes, like PCI.
What is happening?
As you may be aware by now the PCI Security Council released the PCI-DSS 3.1. The main change related to the deprecating of TLS 1.0 & SSL 3.0 as recognised secure protocols. As stated in our previous emails this means that there are a few mandatory updates you need to be aware of.
From October 20th any connection (App/Web/API) to Judopay that is not using the following will not be able to process live transactions.
What do I need to do?
Please ensure that you are using TLS 1.1 onward as a cryptographic protocol to effectively communicate with Judopay’s systems with both sandbox and live environments.
Please ensure that you have implemented the SHA-256 certificate to ensure the communication between both sides are well protected against cryptographic attacks.
Web payments & Web payments API
If you’re using our Web payments solution or have integrated using our Web payments API make sure you’re using the latest major version of our API (5.0+) and your are pointing to the correct endpoint (https://gw1.judopay.com/). Both settings are listed in the transaction header declaration before the payment request.
If you’re using any of our SDKs please ensure that you are using:
• iOS SDK (Kit ObjC and Kit Swift) version 6.0 or newer
• Android version 5 onward
• Xamarin version 2.3.0 or later
• .NET SDK 1.1.113 or newer
These SDKs can be found on Github.
If you would like to test these changes our sandbox environment is currently updated with the above changes.
If you require any support with this migration please contact firstname.lastname@example.org.
We have come a long way from the 4.1 iOS Objective-C SDK. Since the release, we have introduced our new collection of Swift SDKs, judoSwift, which simplified the communications with judo’s REST API, and paved the way for the feature rich judoKit. Our kit contains out-of-the-box functionalities like Address Verification System (AVS), 3D Secure, and other input verifications necessary for submitting card information for payments and other transactions. Together with our mobile-specific fraud prevention judoShield module, we provide the perfect basis that makes accepting transactions easier, simpler, and more secure.
In our pursuit to make payments in apps even more secure, and due to changes in PCI’s security standards, we are phasing out some older versions of our tech. This means you might need to upgrade to our latest SDKs by the 20th October 2016.
This guide will walk you through the steps needed to upgrade your app to the latest SDK.
In version 5.1 of our Android SDK, we wanted to introduce lots of new features, focus on improving the quality of the codebase, and make customizing the SDK to match your app’s brand easier. With this in mind, it made sense to completely rewrite the SDK from the ground up.
If you’re using an older version of the Android SDK (pre 5.1), you will need to complete an upgrade to this version by 20th October 2016 due to PCI Compliance changes that were introduced (PCI DSS 3.1).
To make the process of upgrading to version 5.1 as smooth as possible, let’s walk through the main steps required to get your app updated.
Security is at the heart of what we do here at judo, and to ensure that our platform and services are adhering to the latest security standards laid out by the PCI council (PCI DSS 3.1), we have made some updates to our API and SDKs.
These updates mean that we will be ending support for TLS 1.0 and below on 20th October 2016. After that date, any API requests or dashboard sessions will need to use either TLS 1.1 or TLS 1.2. (However, while not being immediately phased out, TLS 1.1’s days are numbered as well, so we would highly recommend an upgrade to TLS 1.2.)
17 June, London 2015 – Judo Payments, Europe’s only mobile-first payments platform, today announces its partnership with Pennies, the digital charity box. Pennies is a micro-donation charity which created the digital charity box to give people the opportunity to donate a few pence to charity when paying for goods and services by card, whether in-store, online or via mobile. To date Pennies has raised over £4m for UK based charities.
Working with Judo, Pennies is set to continue harnessing the rapid consumer adoption of mobile and bring further advocacy to mobile channels. By enabling the digital charity box with its payments platform, Judo will be giving even more people the chance to make micro-donations simply, quickly and securely. If all UK cardholders donated 30p to charity each month this way, the amount raised would exceed £150m each year.
9 June, London 2015 – Judo Payments, Europe’s only mobile-first payments platform, today confirms its announcement as one of the payments platform providers selected to support Apple Pay when it launches in the UK in July.
The UK launch is set to transform mobile payments, providing an easy, secure and private way to pay for physical goods and services across a number of mobile apps, such as clothing, tickets and groceries in iOS apps. Judo is working with key merchants to ready their mobile apps for Apple Pay’s launch next month.
15 May, London 2015 – Judo Payments, Europe’s only mobile-first payments platform, today announces its partnership with social treating app Givvit, following a competitive pitch.
The Givvit app enables consumers to purchase everyday gifts, such as chocolates, flowers and drinks, from high street brands – including M&S, Caffè Nero, Pizza Express and cinema chain Picturehouse – and digitally send them through mobile devices. Recipients redeem their treat by presenting their digital voucher in-store.
14 March, London 2015 – Judo Payments (“Judo”, www.judopay.com), Europe’s only mobile-first payments platform, today announces the launch of its mobile app payments software development kit (SDK) for mobile development solution Xamarin.
As mobile experts, judo has seen a growing demand for Xamarin Components globally. This is why judo has independently built a payment SDK for the Xamarin platform. The SDK will initially be tailored for Android with the roll-out of SDKs for other platforms currently in development.
The SDK enables companies to offer secure in-app payment by debit and credit card that can be branded to match the overall user experience. Judo’s payments platform is used by top retailers to make paying faster, easier and more secure on any mobile device. With the new judo SDK for Xamarin, companies can substantially accelerate native mobile development using one shared C# codebase and easily integrate conversion-boosting mobile first payments to increase sales.”
This week I’m in beautiful Barcelona for GSMA’s Mobile World Congress 2015. The conference gathers the mobile industry’s brightest visionaries and innovators to explore the upcoming trends that will shape the industry in the future.
So here’s a short round up of what I saw at the conference during day 1:
App to harness customer loyalty and maximise sales during busy lunchtime rush by reducing queueing time.
Judo’s technology enables Hummus Bros’ loyal customers to beat the lunchtime rush through a seamless and intuitive mobile experience. Customers who know what they want before stepping in-store can now maximise their lunch hour by using the Hummus Bros app to order and pay wherever they are, then collect their meal when it’s ready.