Increased security requirements with PCI DSS new from July 2018
We have informed with the Datatrans Newsletter 4/2015 that the new PCI DSS security requirements for the encryption technologies TLS will apply by end of June 2016. Meanwhile, with a decision on 18 December 2015, the PCI Security Standards Council has revised this date for migrating and postponed it for two years.
Decision of PCI Security Council on 18 December 2015
From 1 July 2018 the PCI standard will prohibit the use of old encryption technologies to protect credit card numbers. Organizations using SSL and early TLS encryption are vulnerable to attack and should allow as soon as possible secure connections with TLS 1.2 respectively block all not secure SSL and TSL connections latest by 1 July 2018.
This affects you as a retailer, as well as your customers. Datatrans will deactivate TLS 1.0 and TLS 1.1 in the second quarter of 2018.
So act now and check whether you’re ready for this change.
PCI Security Standards Council: “Still, we encourage all organizations to migrate as soon as possible and remain vigilant. Staying current with software patches remains an important piece of the security puzzle.”
How can I find out whether I’m affected?
(Webshop communication to Datatrans)
I’m using software such as Magento or Shopware with third-party manufacturer payment modules.
> Contact the manufacturer of your payment module.
- Someone else developed my website.
> Contact your developer.
- I programmed the website myself.
> Ensure that your server-to-server requests (such as statements, credit notes and status requests) support at least TLS 1.2. You can test this on https://api.sandbox.datatrans.com.
Effects of the changes on your customers
Customers with outdated browsers will no longer be able to make payments by end of June 2018.
Effects of the changes on the Datatrans Datatrans Web Administration Tool
Employees of retailers with outdated browsers will no longer be able to log in to the Datatrans Web Administration Tool by end of June 2018. As of now, we will display a warning message to affected users after login.
Please do not hesitate to e-mail us at if you have any technical queries associated with your own payment solution and PCI DSS.