Hub · Blog

Topic: Mobile security


26

Sep

TLS & Security update & Deadline

Security is at the heart of what we do at Judopay and as a result we ensure we’re always staying on top of the latest industry-wide security updates & changes, like PCI.

What is happening?

As you may be aware by now the PCI Security Council released the PCI-DSS 3.1. The main change related to the deprecating of TLS 1.0 & SSL 3.0 as recognised secure protocols. As stated in our previous emails this means that there are a few mandatory updates you need to be aware of.

From October 20th any connection (App/Web/API) to Judopay that is not using the following will not be able to process live transactions.

What do I need to do?

TLS 1.1+
Please ensure that you are using TLS 1.1 onward as a cryptographic protocol to effectively communicate with Judopay’s systems with both sandbox and live environments.

SHA-256
Please ensure that you have implemented the SHA-256 certificate to ensure the communication between both sides are well protected against cryptographic attacks.

Web payments & Web payments API
If you’re using our Web payments solution or have integrated using our Web payments API make sure you’re using the latest major version of our API (5.0+) and your are pointing to the correct endpoint (https://gw1.judopay.com/). Both settings are listed in the transaction header declaration before the payment request.

SDKs
If you’re using any of our SDKs please ensure that you are using:
• iOS SDK (Kit ObjC and Kit Swift) version 6.0 or newer
• Android version 5 onward
• Xamarin version 2.3.0 or later
• .NET SDK 1.1.113 or newer

These SDKs can be found on Github.

If you would like to test these changes our sandbox environment is currently updated with the above changes.

If you require any support with this migration please contact developersupport@judopayments.com.


21

Jan

PCI DSS 3.1: early TLS’s days are numbered

Security is at the heart of what we do here at judo, and to ensure that our platform and services are adhering to the latest security standards laid out by the PCI council (PCI DSS 3.1), we have made some updates to our API and SDKs.

These updates mean that we will be ending support for TLS 1.0 and below on 20th October 2016. After that date, any API requests or dashboard sessions will need to use either TLS 1.1 or TLS 1.2. (However, while not being immediately phased out, TLS 1.1’s days are numbered as well, so we would highly recommend an upgrade to TLS 1.2.)
read more


19

Jun

The biggest feature of Apple Pay no one’s talking about

Since the announcement of Apple Pay‘s inevitable expansion to the UK, many commentators has been speculating the impact it will have on in-store retail. Will consumers and merchants jump quickly on-board with the service? Will it really make paying for goods and services easier at a physical location?

What we haven’t talked enough about is the impact it will have on paying for goods and services within an app. Think about it, the next time you want to splurge on a nice sofa for your living room, you can simply use Apple Pay to complete checkout in just 1 step. No more account setup. No more lengthy forms for billing and shipping information. No more time to abandon a purchase before checkout is complete.

This article in UK’s Business Insider explores why being able to pay for goods and services in-app with one touch is truly where Apple Pay shines.

read more


08

Jun

Apple Pay is coming to the UK

ApplePay_UK

Never before has buying goods and services using your mobile device been easier or more secure.

Apple confirmed earlier today the much anticipated geographic expansion of Apple Pay to include consumers and businesses based in the U.K. Launching in July with over 250,000 merchants and many of the banks that issue debit and credit cards to UK consumers, the service looks ready to kick off with a big impact.

read more


02

Jun

Boring but important: What Google’s Android Pay will mean for mobile commerce

Late last week, Google held its annual developer conference, dubbed I/O 15, where the data-obsessed tech giant unveiled the much expected Android Pay.  In short, Google has matched the offering of Apple Pay™ allowing consumers to pay easily and securely both in store (using NFC) and in-app (using fingerprint authentication).  Android Pay was first unveiled at Mobile World Congress in March following the acquisition of Softcard from a consortium of US TelCo operators.

read more


28

May

8 month report card: How is everyone liking ‘em Apple Pay?

Since Tim Cook’s announcement in September last year, Apple Pay has been the hot topic in payments and tech industry conversations. Apple’s answer to mobile payments caused much speculation on how it will change the payments industry. While Apple Pay is not exactly disruptive or innovative (it uses pre-existing technology), it will accelerate the rapid change in consumers’ behaviour and increase mobile commerce adoption.

We’re now at the end of the 8th month after its announcement, how is Apple Pay faring so far? Let’s have a quick look.

read more


22

Apr

Saying bye to SSL – What you should know about PCI DSS version 3.1

If you don’t know by now (and I hope you do), the Payment Card Industry Security Standards Council (PCI SSC), updated its Data Security Standards (DSS) to version 3.0 earlier this year in January.

To release some minor adjustments and clarifications, they have now issued a follow up version 3.1. The biggest thing that will affect all merchants in this standard update is that Secure Socket Layer (SSL) can no longer be used as a security control after June 30, 2016.

read more


03

Mar

Mobile Network Operators revised attempt in digital commerce

For the past few years, Mobile Network Operators (MNOs) such as Vodafone and Verizon have been working hard to take a slice of the global commerce pie by advocating the secure SIMs in our phones as the centre of payments.  But with U.S. operators throwing in the towel with the sale of Softcard to Google and companies like judo providing secure hardware-free payments, the MNOs are beginning to recognise that their monetisation ticket may lie in their massive number of customer relationships coupled with global, open communication standards and coordination via the GSMA.

read more


03

Mar

Day 1 @ Mobile World Congress – Connected everything

This week I’m in beautiful Barcelona for GSMA’s Mobile World Congress 2015. The conference gathers the mobile industry’s brightest visionaries and innovators to explore the upcoming trends that will shape the industry in the future.

So here’s a short round up of what I saw at the conference during day 1:

read more


22

Jan

Judo Payments raises £6M to drive expansion in mobile commerce sector

Early adopters of Judo’s mobile-first payments platform include fast food restaurant chain KFC and coffee shop Harris + Hoole

Judo Payments (“Judo”, www.judopay.com), Europe’s only mobile-first payments platform, today announces it has successfully closed an additional £6M in funding to drive growth in the rapidly expanding mobile commerce sector.  The first institutional funding round was led by financial technology venture capital firm Route 66 Ventures.

read more


Contact us, we'd love to hear from you

* Required. We will get back to you soon and we never share your details.