Authorize.Net Merchants,

As you may be aware, new PCI DSS requirements state that all payment systems must disable earlier versions of Transport Layer Security (TLS) protocols, TLS 1.0 and TLS 1.1.  Authorize.Net is set to disable those protocols on February 28, 2018. 

To help merchants identify if they’re using one of the older TLS protocols, Authorize.Net will temporarily disable those connections for a few hours on January 30, 2018 and then again on February 8, 2018.

Today, January 24, 2018, Authorize.Net sent an e-mail to Authorize.Net merchants informing them of this planned disablement.

Based on the API connection they are using, on either one of these two days they will not be able to process transactions for a short period of time. This disablement will occur on one of the following dates and time:      

  • Akamai-enabled API connections will occur on January 30, 2018 between 9:00 AM and 1:00
    PM Pacific time.
  • All other API connections will occur on February 8, 2018 between 11:00 AM and 1:00 PM Pacific time.

Merchants using TLS 1.2 by these dates will not be affected by the temporary disablement.
We strongly recommend that connections still using TLS 1.0 or TLS 1.1 be updated as soon as possible to the stronger TLS 1.2 protocol.

Note: Browsers released prior to 2014 may not support TLS 1.2. You can check your browser's TLS support by visiting https://www.howsmyssl.com/.

If you have any questions about this announcement or the upcoming TLS disablement, please refer to our TLS FAQs. Thank you for your attention to this matter and for being an Authorize.Net partner.

Thank you for your attention to this matter and for being an Authorize.Net merchant. 

Authorize.Net Merchants,

As you may be aware, new PCI DSS requirements state that all payment systems must disable early-version TLS by 2018. Transport Layer Security (TLS) is a technology used to encrypt sensitive information sent via the Internet. TLS is the replacement for Secure Sockets Layer (SSL). In preparation for this requirement, Authorize.Net plans to disable TLS 1.0 and TLS 1.1 on the following dates:

Sandbox: COMPLETE

Production: Feb 28, 2018 

We have disabled the sandbox in advance of production to allow you and your developer time to test your website or payment solution and ensure you are no longer using TLS 1.0 or 1.1 prior to September 18th. Please contact your Web developer or payment solution provider, as well as your Web hosting company, to confirm that they can support TLS 1.2 for your API connections.

In addition, we have retired the 3DES cipher (a data encryption standard) in production on September 18, 2017. 

Please refer your developer or solution provider to our API Best Practices for cipher recommendations, details about TLS 1.2 platform support, and other integration suggestions. 

Note: If you are not using the current version of your Web browser, please take a few moments to upgrade it now. Browsers released prior to 2014 may not support TLS 1.2. You can check your browser's TLS support by visiting https://www.howsmyssl.com/. 

Thank you for your attention to this matter and for being an Authorize.Net merchant.