What are the anticipated changes?
The purpose of this article is to announce an upcoming upgrade to the Transport Layer Security (TLS) intended for the end of October. This update requires that PurelyHR.com no longer support TLS version 1.0 over HTTPS. This change is mandated by the PCI Security Council and affects all service providers processing or transmitting credit card data. All this to say, if you are working with older browsers that do not support TLS 1.1 or 1.2, you will no longer have access to PurelyHR after the update.
Why are we making this change?
The PCI Security Council sets the rules on which technologies are acceptable for use in transmitting cardholder data. They have explicitly identified TLS 1.0 as no longer being a strong form of encryption because it is vulnerable to many known attacks.
This is not an action PurelyHR is taking alone. EVERY website that transmits or processes credit card data will be making this change. If you or your customers are using an insecure or unsupported browser, you will find that all secure websites will stop working very soon.
How do I know if I’m affected?
Most browsers have supported TLS 1.1 or 1.2 for at least the last few years. So most end-users are unlikely to be affected by this change. To test if you will be affected by this update, go to the following URL with your browser: https://www.howsmyssl.com/
In the “Version” section, please make sure your browser is using TLS 1.1 or 1.2. If your browser is using TLS 1.0, you won’t be able to use PurelyHR.com once we do the security update, unless you upgrade your browser to a newer version, or use another browser that supports TLS 1.1 or 1.2.
PurelyHR has always been focused on delivering top-notch security to all its customers. Although this update may be inconvenient for some, it is necessary for the protection of your personal data. If you have any questions or concerns in regards to this security update, please do not hesitate to contact us.