Safer Pay

The world is moving in one direction: further into the digital age. As users, we upload our personal information to the internet: our photographs and files are stored in the cloud, we load our credit card information onto our mobile devices for easy purchases through the likes of Apple Pay and contactless payments, and we send and receive files by email at sizes unimaginable five years ago. The world is changing and it is becoming easier for us to stay connected, and with that come risks.

The online industry is changing the way that website security certificates are digitally signed, so that an appropriate level of security is maintained as technology develops.

As a result of these changes within the industry, all payment providers (Bacs, PayPal, etc.) are required to upgrade their systems to only allow certificates signed with SHA-256 (a member of the SHA-2 family) in a bid to increase security online.

Currently, most sites use a security certificate signed with a form of SHA-1 (Secure Hash Algorithm 1). This will soon change, as the move to the more secure SHA-2 is underway.

Encryption experts have been warning for some time that older encryption methods are vulnerable and therefore need to be updated. This has prompted browser developers and other tech firms to spearhead the change.

Other changes within the industry...

The Payment Card Industry (PCI) has announced that, as an industry, all old versions of TLS (Transport Layer Security, a protocol used to encrypt data sent to a site) will be made redundant. All organisations that handle financial information, such as PayPal, WorldPay and online banking sites, will have to comply with the change. Part of this will involve all payment processors having to update to TLS 1.2 by January 2018.

What do I have to do?

As a customer who purchases from secure certified websites...

You won’t necessarily have to do anything, as your web browser should automatically update itself (Google Chrome, Microsoft Edge). To see if you’re up to date with the latest version of your web browser, check out What Browser? You can compare that with the SHA-2 compatible browsers and operating systems list.

As a vendor who uses e-commerce to sell products or services...

If you have a validation certificate on your site, your certificate authority should automatically update you to the latest SSL security certificate to ensure that their clients are not prone to vulnerabilities. For more information, you may need to visit your certificate authority provider’s website.

If your company uses sites like PayPal, SagePay, WorldPay and other transaction-based services, but your website itself doesn’t have a certificate, then the e-commerce provider should be updating their certificates themselves.

It is, however, encouraged that you ensure your consumers do not use a browser that is significantly out-of-date. If their browser and operating system are no longer compatible come the switchover to SHA-256, they may find themselves faced with an error message upon accessing any site that uses the certificate.
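For vendors who want to confirm which hash their own site's certificate is signed with, the check can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, `sample_cert` builds a constructed certificate skeleton (not a real certificate) so the parser can be exercised offline, and `check_site` needs network access to a host you operate.

```python
import ssl

# DER-encoded signature-algorithm OIDs mapped to (name, hash used).
SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): ("sha1WithRSAEncryption", "SHA-1"),
    bytes.fromhex("2a864886f70d01010b"): ("sha256WithRSAEncryption", "SHA-256"),
    bytes.fromhex("2a8648ce3d0401"): ("ecdsa-with-SHA1", "SHA-1"),
    bytes.fromhex("2a8648ce3d040302"): ("ecdsa-with-SHA256", "SHA-256"),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_hash(der_cert):
    """Return (algorithm, hash) from the certificate's signatureAlgorithm."""
    tag, start, _ = read_tlv(der_cert, 0)           # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, tbs_end = read_tlv(der_cert, start)       # skip tbsCertificate
    _, alg_start, _ = read_tlv(der_cert, tbs_end)   # AlgorithmIdentifier
    tag, oid_start, oid_end = read_tlv(der_cert, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm OID not found")
    return SIG_OIDS.get(bytes(der_cert[oid_start:oid_end]), ("unknown", "unknown"))

def check_site(host, port=443):
    """Fetch a live site's certificate (needs network) and classify it."""
    pem = ssl.get_server_certificate((host, port))
    return signature_hash(ssl.PEM_cert_to_DER_cert(pem))

def _der(tag, body):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(body)
    size = bytes([n]) if n < 0x80 else bytes([0x81, n])  # n must be < 256
    return bytes([tag]) + size + body

def sample_cert(oid_hex):
    """Constructed certificate skeleton (not a real cert): tbs, alg, signature."""
    tbs = _der(0x30, b"\x00" * 200)                 # placeholder tbsCertificate
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 9))
```

A result whose second element is "SHA-1" means the certificate needs reissuing by the certificate authority; "unknown" means the algorithm is not in this short table, not that it is unsafe.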