BridgePay is committed to providing the latest security protections as quickly as possible. In alignment with this commitment, we are providing this reminder notification regarding a security change that is required for some merchants.
A vulnerability in the implementation of the 3DES ciphers may allow an attacker to extract plaintext data from the encrypted data. To mitigate this issue, BridgePay will no longer support 3DES ciphers as of Oct 1, 2017.
What systems are affected by this announcement?
Any system that is running Windows XP, Windows Vista or POS Ready 2009 and connects to BridgePay production or test systems. This includes connection methods such as web browsers, terminals and direct API integrations. After the change, these operating systems will not be able to connect.
On July 23, 2015, Microsoft released a patch for POSReady 2009 (KB3055973) that adds support for TLS 128-bit and 256-bit AES ciphers. If your POSReady system is not patched, that system will not be able to connect to the gateway.
I connect with a web browser. Am I affected?
Possibly. Modern web browsers such as Microsoft Edge, Microsoft Internet Explorer, Firefox and Chrome support modern encryption ciphers such as AES. Consult your IT department to ensure your system is configured correctly. Minimum required versions of some popular client software are: IE 11, Firefox 27, Chrome 30, Opera 17, Safari 7, Android 4.4 and Java 8. While Java 7 can be configured to use TLS 1.2, Java 8 is recommended. If you use an older operating system such as Windows 2003, XP or Vista, you will need to upgrade.
Who should I contact if my terminal needs to be upgraded?
If your terminal does not support AES encryption, contact your terminal provider for an upgrade.
What encryption ciphers are supported?
Modern web browsers support the latest encryption ciphers under TLS 1.2. For terminal configurations, contact your terminal provider for a list of ciphers your terminal supports. Your terminal will need to support encryption using AES.
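As an added illustration (not BridgePay code), the Python sketch below checks whether a client's cipher-suite offer still contains a usable suite once 3DES is removed. It assumes the gateway accepts any AES suite under TLS 1.2, since the exact server cipher list is not given here; the sample offers and function names are constructed for the example.

```python
import ssl

# Constructed sample offers (OpenSSL-style suite names), not captured traffic.
LEGACY_OFFER = ["DES-CBC3-SHA", "RC4-SHA", "RC4-MD5"]         # no AES at all
PATCHED_OFFER = ["AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"]  # AES added by a patch
MODERN_OFFER = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]


def is_3des(name):
    """Match 3DES suites in OpenSSL (DES-CBC3) and IANA (3DES_EDE) naming."""
    n = name.upper()
    return "DES-CBC3" in n or "3DES" in n


def is_aes(name):
    return "AES" in name.upper()


def assess_offer(suites):
    """Return (can_connect, usable_aes_suites, dropped_3des_suites).

    Assumption: after the change the server refuses every 3DES suite and
    accepts any AES suite, so a client needs at least one AES suite.
    """
    dropped = [s for s in suites if is_3des(s)]
    usable = [s for s in suites if is_aes(s) and not is_3des(s)]
    return bool(usable), usable, dropped


def local_offer():
    """Suites this Python/OpenSSL build can offer for TLS 1.2 and below."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # get_ciphers() also lists TLS 1.3 suites; skip them to match the
    # TLS 1.2 requirement discussed above.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    offers = {"legacy": LEGACY_OFFER, "patched": PATCHED_OFFER,
              "modern": MODERN_OFFER, "this host": local_offer()}
    for label, offer in offers.items():
        ok, usable, dropped = assess_offer(offer)
        status = "can connect" if ok else "CANNOT connect"
        print(f"{label}: {status}; AES suites: {len(usable)}, 3DES suites: {len(dropped)}")
```

A client whose offer reports zero AES suites is the case described above that needs a patch or an upgrade.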
Below are some technical links that may help with understanding these changes:
BridgePay Gateway Technical Support