mPAY24 Security Upgrades in 2017

We would like to inform you that we have to upgrade our security standards due to PCI guidelines from the credit card institutes MasterCard and VISA. Please make sure your IT systems are up to date and compatible; otherwise you will not be able to process any transactions after the deadlines!

Disable TLS 1.0 & RC4 Cipher on 31st July 2017

Following multiple requests from merchants, we decided to postpone this upgrade to July 31st, 2017!

In a Nutshell

Merchants and partners use HTTPS to securely connect with mPAY24 servers. We use the Transport Layer Security (TLS) protocol to encrypt these communications. To increase the security of our systems and adhere to industry best practices, mPAY24 is updating its services to require at least TLS 1.1 (we recommend TLS 1.2) for all HTTPS connections. To avoid any disruption of service, you must verify that your systems are ready for this change by July 31st, 2017; otherwise you will no longer be able to process transactions.

What do you need to do?

Do you have a hosting provider?

=> Yes: Please contact your hosting provider to ensure they support TLS 1.1 or TLS 1.2.

=> No: Does your system already support TLS 1.1 or TLS 1.2? (Please see technical details below for how to verify this).

Does your system support TLS 1.1 or TLS 1.2?

=> Yes: Great! No action is required.

=> No: Please upgrade your system for TLS 1.1 or TLS 1.2 support.

Have you hard-coded an earlier version of TLS?

=> Yes: Please update your code to always use the latest version of TLS.

=> No: Great! No action is required.

Technical Details:

Our test systems are already configured!

The mPAY24 test endpoints have been configured with the latest security standards to which the production endpoints will be moving. You can use these endpoints to verify that your code supports the required standards prior to the production endpoints getting updated. These endpoints only allow TLS 1.1 or TLS 1.2 connections: test.mpay24.com
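To check outbound connections from your own code against the test endpoint described above, the following Python sketch (an added example, not mPAY24 code) builds a client context that negotiates TLS 1.2 or later without RC4, connects to test.mpay24.com, and reports what was negotiated. Port 443 and all function names are assumptions of this example.

```python
import socket
import ssl

TEST_HOST = "test.mpay24.com"  # hostname from the notice; port 443 is assumed

def hardened_context():
    """Negotiating client context: TLS 1.2 minimum (the recommended version), no RC4.

    A context built with ssl.PROTOCOL_TLSv1 would pin TLS 1.0, which is the
    hard-coded case the notice asks you to remove.
    """
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("DEFAULT:!RC4")
    return ctx

def minimum_version_name(ctx):
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name

def rc4_suites(ctx):
    """RC4 cipher suites still enabled in the context (should be empty)."""
    return [c["name"] for c in ctx.get_ciphers() if "RC4" in c["name"]]

def classify(version, cipher):
    """Judge a negotiated (protocol, cipher) pair against the notice's requirements."""
    if version not in ("TLSv1.1", "TLSv1.2", "TLSv1.3"):
        return "FAIL: protocol %s is below TLS 1.1" % version
    if "RC4" in cipher:
        return "FAIL: RC4 cipher %s is disabled" % cipher
    if version == "TLSv1.1":
        return "OK: accepted, but TLS 1.2 is recommended"
    return "OK"

def probe(host=TEST_HOST, port=443, timeout=10):
    """Handshake with the test endpoint and return (protocol, cipher, verdict)."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version, cipher = tls.version(), tls.cipher()[0]
    return version, cipher, classify(version, cipher)

if __name__ == "__main__":
    ctx = hardened_context()
    print("minimum version:", minimum_version_name(ctx))
    print("RC4 suites enabled:", rc4_suites(ctx))
    print("handshake result:", probe())  # needs network access
```

If the handshake raises ssl.SSLError, the local TLS library cannot meet the endpoint's requirements and the system needs an upgrade.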

Verify your systems:

mPAY24 recommends verifying whether your system supports TLS 1.1 or TLS 1.2 at https://www.ssllabs.com/ssltest/analyze.html. Enter the hostname of the system that connects to mPAY24 in the form's input field. (Attention! Please make sure to activate the "Do not show the results on the boards" box!) After some time you will get an overview of your server's security level. If you have a rating of A, you are fine and no further action is required. If you get a rating other than A, you need to find out whether it is related to protocol usage. If the report says that your server supports only older protocols, but not TLS 1.1 or the current best TLS 1.2, then you need to update your system.


You can also look at the protocol section and check whether TLS 1.1 or TLS 1.2 is enabled. If it is in the list and marked "YES", you are done. If not, please update your system to support the latest TLS versions.

The second thing to look out for is RC4 in the Protocol Details section. RC4 should be marked as not in use.