PCI Alert: Government Agency Security Update

According to the Payment Card Industry (PCI) Security Standards Council (SSC), government agencies must upgrade their computer systems’ PCI security by June 30, 2018. Missing that date, extended from June 2016, could have expensive drawbacks. Discover below how to ensure safer encryption of online transactions, reducing data theft vulnerability.

Protocol Change

The common Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) versions provide inadequate protection, leaving records susceptible to fraudulent use. Following high-profile breaches, PCI SSC's change mandates a more secure TLS version: currently 1.1, with a preference for 1.2. The protocol's purpose is to keep information private as it is exchanged between computer programs, such as web browsers and the servers behind the websites they access.

Upgrade Urgency

Think you have plenty of time to convert your setup? Potential compliance challenges and expenses demand formulating your TLS migration early. Updating your operating system (OS) and applications or replacing computers may be necessary. Just one budget cycle before the deadline can complicate cost management. The steps below will help your agency and constituents prepare for this change by the 2018 target date.

System Evaluation

To ensure that your internal OS, programs, and browsers will support the transition, review development notes about your system's design. Look for issues such as hard-coded settings that work only with older encryption versions. Use network sniffing to examine traffic and determine which protocols are in use on established connections, then gauge compliance from the results.
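One way to turn sniffed traffic into a compliance reading is to pull the negotiated version out of each ServerHello, shown here as an added example that is not code from the article or from PCI SSC. The function names and the sample records are hypothetical and constructed, and the parser assumes the capture tool hands over one complete TLS record per ServerHello.

```python
# Wire values a ServerHello can select; TLS 1.1 is the minimum the article cites.
NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
MIN_ALLOWED = 0x0302

def u(data):
    return int.from_bytes(data, "big")

def negotiated_version(record):
    """Return the version selected in one ServerHello record, or None."""
    if len(record) < 47 or record[0] != 0x16:        # 0x16 = handshake record
        return None
    body = record[5:5 + u(record[3:5])]
    if len(body) < 42 or body[0] != 0x02:            # 0x02 = ServerHello
        return None
    hello = body[4:4 + u(body[1:4])]
    if len(hello) < 38 or 38 + hello[34] > len(hello):
        return None                                  # too short or truncated
    version = u(hello[:2])
    pos = 38 + hello[34]   # skip version, random, session id, cipher, compression
    # TLS 1.3 leaves 0x0303 above and carries the real version in extension 43.
    end = min(pos + 2 + u(hello[pos:pos + 2]), len(hello))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = u(hello[pos:pos + 2]), u(hello[pos + 2:pos + 4])
        if ext_type == 43 and ext_len == 2 and pos + 6 <= end:
            version = u(hello[pos + 4:pos + 6])
        pos += 4 + ext_len
    return version

def audit(records):
    """Map each record to (version name, meets the minimum?)."""
    found = [negotiated_version(r) for r in records]
    return [("not a ServerHello", None) if v is None
            else (NAMES.get(v, hex(v)), v >= MIN_ALLOWED) for v in found]

def sample_hello(version, extensions=b""):
    """Build a constructed ServerHello record; not real captured traffic."""
    hello = version.to_bytes(2, "big") + bytes(32) + b"\x00\x00\x2f\x00"
    if extensions:
        hello += len(extensions).to_bytes(2, "big") + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    header = b"\x16" + version.to_bytes(2, "big") + len(handshake).to_bytes(2, "big")
    return header + handshake

# Constructed capture: TLS 1.0, 1.1, 1.2 and 1.3 hellos plus one application-data record.
CAPTURE = [sample_hello(0x0301), sample_hello(0x0302), sample_hello(0x0303),
           sample_hello(0x0303, b"\x00\x2b\x00\x02\x03\x04"), b"\x17\x03\x03\x00\x01\x00"]
```

Calling `audit(CAPTURE)` flags the TLS 1.0 connection as below the minimum. The ServerHello is the message to read because it records what the server actually selected, not what the client merely offered.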

IT Experts

Utilize your information technology (IT) department’s expertise fully. Ask desktop support and infrastructure personnel if your agency’s OS and browsers can handle the TLS change. If your proprietary software could have issues, internal development staffers can explain application architecture. Consult external developers about apps they created. Being proactive can prevent involved parties from overlooking any remittance-related aspects.

Transaction Provider

Hire a payment processor that provides updated online gateways with a minimum of TLS version 1.1 protection in accordance with PCI SSC’s guidelines. Third-party vendors must have been supporting that new standard since June 30, 2016, two years earlier than your agency. Experts advise choosing a partner that’s fully compliant and transparent about helping you meet the 2018 government deadline. Representatives should offer timelines for activities affecting your bureau. Get dates for shutting down former encryption technologies with assurances that your transaction processing will be functional in time.

E-Complish supports the PCI compliance mandate, so you can count on a smooth transition. Secure time- and money-saving solutions for transaction challenges include online credit-card payments. Our in-house programmers fortify every custom merchant-processing platform with the latest defenses. Updating our software suite for this conversion demonstrates our ongoing pledge to meet your needs. E-Complish’s transparency extends beyond our clients to yours as well.

Migration Plan

Your upgraded configuration must stop all systems from operating on SSL or TLS 1.0. That requires defining how you’ll make all current hardware, apps, software, and browsers conform to the newest PCI regulations. Address all migration costs in your plan. Count computers with operating systems that don’t support the transition. Replacing hundreds can be pricey, so develop a suitable budget carefully.

Browser upgrade costs are minimal apart from the resources needed to deploy new versions. Share your plan and the consequences of noncompliance with the appropriate staffers. Everyone involved needs to understand how your agency's allocated funds and available assets can achieve your goals.

Internal Deadlines

Delaying the changes you must implement will lead to significant risks. They could include extra costs and interrupted revenue flow since you can’t accept credit-card transactions until you’re compliant. To avoid those problems, set incremental in-house deadlines to achieve the 2018 conversion date’s requirements.

Constituent Notifications

In addition to government agencies, citizens and businesses also have to conform to the PCI standard. Their computers and browsers must function properly with higher encryption levels for your bureau to accept their online payments as of June 30, 2018. Notify your constituents about this migration and its impact on them. Display a prominent message on your website, advising them to upgrade their browsers to supported versions.

Universal Readiness

Transitioning to a more secure TLS version may seem challenging, but all parties will benefit from greater data protection. Planning for additional costs now and ensuring that you’ll be compliant by the upcoming 2018 deadline will avoid scrambling to fulfill this mandate later. As always, rely on E-Complish’s preparations to expedite and ease this changeover for safer web payment processing.