Disabling SSL/Early TLS on 30 June 2018

To ensure the continued safety of our customers’ data, PayFast will be disabling SSL/Early TLS (1.0 and 1.1) on 30 June 2018 in favour of TLS 1.2 and greater. Most modern browsers and devices already use TLS 1.2 or greater and have done so for a long time. 

This means that a small number of Internet shoppers with very old browsers or devices will no longer be able to pay for goods and services via PayFast. As a PayFast merchant, you will not be able to access the PayFast website and merchant dashboard if your browser or device is unsupported.

What does it mean to have an unsupported browser?

While most of the Internet is using browsers/devices that are able to function uninterrupted beyond 30 June, a few browsers still rely on encryption methods that are no longer secure.

Because these outdated browsers/devices cannot handle the latest encryption methods, they will no longer be supported by the payment card industry (PCI).

If someone tries to access any of the PayFast platforms, including the payment engine, merchant dashboard and website, from an unsupported browser after 30 June 2018, the page will not load. Instead, a blank page with no particular warning or error message will appear.

Which browsers/devices will no longer work?

The list of unsupported browsers includes, but is not limited to:

  • Android 4.3 and earlier versions
  • Firefox version 5.0 and earlier versions
  • Internet Explorer 8-10 on Windows 7 and earlier versions
  • Internet Explorer 10 on Windows Phone 8.0
  • Safari 6.0.4/OS X 10.8.4 and earlier versions

Why is it necessary for PayFast to disable SSL/Early TLS?

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols used to encrypt sensitive customer data transferred between a customer’s browser and a web server, such as the PayFast platform.

To keep up with changing online security needs, these protocols are continuously updated to ensure the integrity of data is maintained. Over the years, TLS replaced SSL as a secure protocol and as of 30 June 2018, early TLS can no longer be used as a security control according to the Payment Card Industry Data Security Standard (PCI DSS).

How can you prepare for the change?

While PayFast makes the safety of our customers’ data a priority, this may not be the case for other online merchants. Older browsers and devices may still be able to access non-compliant platforms. To ensure that your data is safe and you can access the PayFast platform:

  • Make sure your browser has the most current implementation of TLS. A handy online tool to check this is https://www.howsmyssl.com.
  • Notify your customers and subscriber base of the upcoming change and how it will affect their online experience.
  • Encourage them to test their implementation of TLS so that they can enjoy the benefits of using the PayFast platform.

What are PayFast’s final words of advice to our merchants and their customers?

In general, it’s a good idea to ensure your browser is always updated to the latest available version. At PayFast we recommend that Internet users set either Chrome or Firefox as their default browser.