Payment Card Industry Clings To SSLv3 And TLS 1.0 For Two More Years

Yesterday the Payment Card Industry Security Standards Council (PCI SSC) announced it has decided to extend its deadline for the fiat payment card industry to abandon SSL version 3 and TLS version 1.0 all the way into June of 2018 (archived). Back in April they had tried to set a June 2016 deadline parties handling fiat payment cards to move up to at least TLS version 1.1 or higher in light of POODLE, SHA1 weakness, and other protocol level attacks. General Manager Stephen Orfei of the PCI SSC blames "business issues" for the extension. These extra two years create the potential for massive fraud involving intercepted payment card information, but massive fraud is an inherent part of the fiat system.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>