Transport Layer Security (TLS) is Critical for NetSuite Users
TLS is an acronym for “Transport Layer Security,” the protocol that allows digital devices (such as computers and phones) to communicate securely over the internet without the transmission being exposed to outside parties. TLS makes it possible for you to use your credit card to snag that deal on Black Friday, to make secure transfers from your bank account online, or to complete any of the countless other financial transactions consumers make each day. There’s an important update to these security protocols that consumers and businesses alike need to know about. See the crucial steps NetSuite users should take to ensure that customer data and internal data are safe.
1. Why do we need TLS 1.2?
The latest PCI compliance standards require that any site accepting credit card payments use TLS 1.2 after June 30, 2018. Even though you have some time before TLS 1.2 is required for PCI compliance, most internet services are moving to require support for TLS 1.2 earlier. Services such as PayPal, Authorize.net, Stripe, UPS, FedEx, and many others already support TLS 1.2 and have announced that they will eventually refuse TLS 1.0 connections. This means your safest action is to upgrade to TLS 1.2 sooner rather than later to avoid disruption.
2. Does my organization need to use TLS/SSL?
Whether you need to use TLS/SSL depends on your organization’s activities. For organizations involved in health services or payment processing, using a security protocol such as TLS/SSL to encrypt network communications is likely a federal or commercial requirement. For other organizations, using TLS/SSL might simply be a good idea. For more information on health services requirements, visit the HIPAA Security Standard. For payment processing requirements and PCI DSS compliance, visit the PCI SSC website.
3. What happens if I don’t upgrade to TLS 1.2?
Most importantly, by not upgrading to TLS 1.2, you are putting your customers’ data at risk. The consequences of not being PCI compliant and suffering a data breach can include fines and the termination of your ability to process credit card transactions. After the deadline, the services on your website that require TLS 1.2 will cease functioning, which means your payment processing, shipping rates, or other real-time data could stop working if TLS 1.2 is not addressed.
4. How can I tell if my site is vulnerable?
If you are using a hosted solution for your eCommerce platform, you are most likely already protected. However, if you use a third party for a custom-built solution, then you will need to verify with the hosting vendor of that solution that you are protected.
5. Isn’t updating my SSL Certificate good enough?
Not at all. The SSL certificate only handles incoming traffic to your web server, and will not protect any calls your web server is making to other services.
6. What can I do to ensure my site is compliant?
Unfortunately, there is no simple answer to this question. Every organization has a different configuration. From a bird’s-eye view, you need to ensure that the following connections and platforms are compliant with TLS 1.2:
- IIS (Internet Information Services)
- Web Server
- .NET Framework
- eCommerce Application
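Questions 5 and 6 both come down to the outbound calls your web server makes. The PowerShell below is an added example, not code from the original article or from NetSuite: run on the web server, it attempts a TLS 1.2-only handshake to each outbound dependency and reports the result. The function name and the endpoint host names are placeholders chosen for illustration, and it assumes .NET Framework 4.5 or later, where the `Tls12` enum value exists.

```powershell
# Added example. Replace these placeholder hosts with the payment, shipping
# and other services your site actually calls.
$Endpoints = @('payments.example.com', 'shipping.example.com')

function Test-OutboundTls12 {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        [int] $TimeoutMs = 5000
    )
    $result = [ordered]@{
        Host = $HostName; Port = $Port; Tls12 = $false; Negotiated = $null; Error = $null
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect with a timeout so a filtered port does not hang the check.
        $pending = $tcp.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'connect timed out' }
        $tcp.EndConnect($pending)

        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            # Offer only TLS 1.2. The default certificate validation stays on;
            # the last argument skips revocation lookups so the result reflects
            # the protocol version rather than CRL reachability.
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $result.Tls12 = $true
            $result.Negotiated = $ssl.SslProtocol
        } finally { $ssl.Dispose() }
    } catch {
        # A handshake failure here means this server and that endpoint could
        # not agree on TLS 1.2 (or the certificate did not validate).
        $result.Error = $_.Exception.GetBaseException().Message
    } finally { $tcp.Close() }
    [pscustomobject]$result
}

# Protocols this process offers by default for HttpWebRequest/WebClient calls.
"Default SecurityProtocol: $([System.Net.ServicePointManager]::SecurityProtocol)"
$Endpoints | ForEach-Object { Test-OutboundTls12 -HostName $_ } | Format-Table -AutoSize
```

A successful row shows that the operating system and the remote service can complete TLS 1.2 from this host; the eCommerce application's own code must still be configured to use it.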
Written by Tom Armbruster, Senior Application Consultant
Protelo can help ensure your customer data is safe and that your NetSuite instance is aligned with the latest TLS and PCI compliance protocols. Contact us for a consultation about your payment security here.