Important TLS Disablement Notice from Authorize.net

Authorize.net sent a TLS Disablement Notice to alert customers they plan to disable TLS 1.0 and TLS 1.1 prior to 2018.


TLS is a security protocol used to protect information sent from a server to another ‘node’ like a personal computer or another server. As attacks adapt, so must the protocol. The Payment Card Industry (PCI) Data Security Standard (DSS) requirements state that all payment systems must disable early TLS by 2018. This includes TLS1.0 and TLS1.1.  So Authorize.net is beginning TLS Disablement early to give their customers a chance to phase it out.

The TLS protocol is a server setting. This means if you are running your own server or VPS, you need to check your settings. Here is a helpful post on Cpanel.net. If you are on shared hosting, you need to check with your host (Siteground, Godaddy, etc) to ensure you are good to go.

Because Authorize.net is disabling all developer testing (sandbox) accounts first, a developer with a sandbox account (any authorized Authorize.net developer) can test your environment before your live account is affected.

One quick check is to visit https://www.digicert.com/help/ Enter your domain name and check the box. Look for Protocol Support in the results. (It does not always appear.) If you see it and only see TLS1.0 or TLS1.1, you should contact your host. It is ok if you see these protocols listed, but you also want to see TLS1.2 so Authorize.net will have that protocol option to request.

Feel free to give me a call if you want me to test your payment setup with my sandbox account. The cost averages $35 per site.