The National Institute of Standards and Technology (NIST) has determined that Secure Hash Algorithm (SHA) 128 encryption no longer meets sufficient security standards. By year end all merchants’ systems/solutions/POS devices operating with SHA-1 certificates will no longer be able to process.
Subsets of your clients have been identified as having a terminal/software that is set up with an SHA-1 certificate. If these merchants do not upgrade their terminals/software to be compatible with SHA-2 certification they will not be able process payments after December 28.
Any terminals/software not meeting the deadline to upgrade their certificate will cease to process over IP (internet protocol) by year end.
Impacted merchants must upgrade their certificates and fall into three categories:
- Merchants with Class A/B supported terminals (such as the Vx520, Vx510, FD55 or Vx570) can dial into our 24-hour help desk (877) 274-7915 starting Thursday, October 27 to update their certificates*. This update will only take a matter of minutes.
- Merchants with unsupported Class B solutions (such as the Equinox T4210/4220 or the VeriFone Vx510LE on Omaha) must have their solution replaced.
- Merchants with ISV-based POS solutions such as PC Charge and Adelo will need to work with you and their/VAR dealer to upgrade to avoid processing being interrupted.
Merchants in scope of this issue and needing an upgrade will also be receiving a notification from Ignite via email by the end of the week.
Reporting of Impacted Merchants
Look for a list of impacted merchants within your portfolio shortly from your Ignite Payments’ representative. We encourage you to advise all eligible merchants with Class A/B supported terminals on this report to dial into our 24-hour help desk (877) 274-7915 and update their certificate.
For further detail on this important effort please refer to the attached FAQ and join today’s Ignite Payments Product Webinar at 1 pm ET – Register Here.
Thank you for your support in accomplishing this key initiative.
*We are updating merchants to the new SHA-256 (Secure Hash Algorithm) specification which incorporates a digital signature used between two or more devices communicating over IP (internet protocol).