Important Notice for Customers - Payment Cloud Improvements

Date WEDNESDAY, 25 MAY 2016

CRITICAL - ACTION REQUIRED - Please cascade to operational areas, IT or Web Development team as appropriate

Payment Express wishes to advise clients and partners, as a preventative measure the Secure Sockets Layer (SSL) protocol will be disabled on all front-end web servers. The way SSL ciphers encrypt traffic could potentially allow attackers to decrypt information.

This change is in response to the "Poodle" ("Padding Oracle") cyber-attack recently uncovered. The attack exploits SSL which could allow for encrypted data to be revealed.

Google’s security team discovered a vulnerability in SSL version 3.0 in October 2014. Historically SSL was supplanted by TLS and the current version is 1.2, but older systems fall back to using SSL 3.0 for compatibility. This is a design flaw in SSL/TLS and there is no patch to fix the bug. Instead, most organisations are disabling support for SSL 3.0, a protocol which is old and deprecated. Many of our business partners may still be using systems that rely on SSL 3.0, we request that these systems be configured/upgraded to support TLS.

Targeted Date & Time for Implementation


If you have any concerns or queries regarding these changes, please, contact our Support team:

US 1 877 434 0003

UK 0800 088 6040

NZ 0800 729 6368

AU 1 800 006 254


For further information please download our infosheet here