Semafone solution will help customers to meet secure encryption protocols
Guildford, UK – 6 April 2016. Semafone®, which provides secure payment software for contact centres, has updated its solution, issuing Semafone Version 3.2 to fast-track customer migration from vulnerable TLS (Transport Layer Security) encryption protocols.
The most recent version of the PCI Data Security Standard (PCI DSS v3.1) states that organisations processing payments must migrate to TLS 1.1 encryption or higher. Whilst the original migration deadline of June 2016 has been moved back to June 2018, Semafone will be transitioning customers to the newest platform ahead of this date to accelerate more effective security.
Some Payment Service Providers (PSPs) have stated that they will cease acceptance of SSL and early TLS transactions prior to June 2016. In these cases, Semafone is proactively working with affected clients to meet these deadlines.
“The vulnerable nature of SSL and TLS 1.0 protocols, particularly within PSP integrations, has been well documented and puts secure payments at risk,” said Tim Critchley, CEO, Semafone. “While the official deadline is still some time away, we believe it is in the best interest of our customers to make the transition now, not only for the sake of compliance, but also in the interest of security.
“We believe that many PSPs will soon stop using these insecure protocols. It would seem that this is a rare experience of the community reacting well in advance of pending standards,” continued Tim Critchley. “This is a positive example of organisations becoming aware of a risk, assessing it and responding rapidly prior to any mandate or deadline.”
SSL (Secure Sockets Layer) and early TLS no longer meet minimum security standards due to known security vulnerabilities in the protocol for which there are no known fixes. To enable customers to move off these insecure encryption models rapidly, Semafone engineers have created the newest version of its product. Semafone will transition all customers to more secure encryption and transmission protocols by June 2016.
Semafone version 3.2 will also make it easier for customers to deploy and upgrade to future releases of the payment solution. In addition, technical upgrades facilitate customers’ ability to respond more rapidly to public vulnerabilities with faster and less invasive patch management capabilities – a critical necessity in the face of today’s rapidly evolving threats.
Semafone will withdraw support of TLS 1.0 and 1.1 at the end of June 2016.
For all media enquiries, please contact:
Lisa Coutts – Fourth Day PR
[email protected] / +44 (0)20 7403 4411
Semafone provides software to contact centres so they can take personal data securely over the telephone. Semafone’s patented data capture method collects sensitive information such as payment card or bank details and social security numbers directly from the customer’s telephone keypad for processing. This prevents personal data from entering the contact centre, which protects against the risk of fraud and the associated reputational damage, ensuring compliance with industry regulations such as PCI DSS.
Semafone has achieved the four leading security & payment accreditations: ISO 27001:2013, PA DSS certification for its payment solution, PCI-DSS Level 1 Service Provider and is a Visa level 1 merchant agent.
The company was founded in 2009 and serves a wide range of industry sectors including financial services, media, retail, utilities, travel and tourism and the public sector. Customers include Sky, Aviva Canada, TalkTalk, Nespresso, Yorkshire Water and Virgin Group. BT offers a hosted version of Semafone’s technology - BT Secure Contact. Major investors include Octopus Investments and BGF (Business Growth Fund).
Further information about Semafone is available at www.semafone.com.