Security is at the heart of what we do at Judopay and as a result we ensure we’re always staying on top of the latest industry-wide security updates & changes, like PCI.
What is happening?
As you may be aware by now the PCI Security Council released the PCI-DSS 3.1. The main change related to the deprecating of TLS 1.0 & SSL 3.0 as recognised secure protocols. As stated in our previous emails this means that there are a few mandatory updates you need to be aware of.
From October 20th any connection (App/Web/API) to Judopay that is not using the following will not be able to process live transactions.
What do I need to do?
Please ensure that you are using TLS 1.1 onward as a cryptographic protocol to effectively communicate with Judopay’s systems with both sandbox and live environments.
Please ensure that you have implemented the SHA-256 certificate to ensure the communication between both sides are well protected against cryptographic attacks.
Web payments & Web payments API
If you’re using our Web payments solution or have integrated using our Web payments API make sure you’re using the latest major version of our API (5.0+) and your are pointing to the correct endpoint (https://gw1.judopay.com/). Both settings are listed in the transaction header declaration before the payment request.
If you’re using any of our SDKs please ensure that you are using:
• iOS SDK (Kit ObjC and Kit Swift) version 6.0 or newer
• Android version 5 onward
• Xamarin version 2.3.0 or later
• .NET SDK 1.1.113 or newer
These SDKs can be found on Github.
If you would like to test these changes our sandbox environment is currently updated with the above changes.
If you require any support with this migration please contact firstname.lastname@example.org.
Security is at the heart of what we do here at judo, and to ensure that our platform and services are adhering to the latest security standards laid out by the PCI council (PCI DSS 3.1), we have made some updates to our API and SDKs.
These updates mean that we will be ending support for TLS 1.0 and below on 20th October 2016. After that date, any API requests or dashboard sessions will need to use either TLS 1.1 or TLS 1.2. (However, while not being immediately phased out, TLS 1.1’s days are numbered as well, so we would highly recommend an upgrade to TLS 1.2.)