Transcription
Required Actions for the PCI-SSCTransport Layer Security (TLS 1.2)RequirementJANUARY 2018
The purpose of this document is to provide guidance to customers on the minimum Oracle Hospitality software versionsrequired to meet the Payment Card Industry Security Standards Council’s (PCI-SSC) mandate for Transport LayerSecurity (TLS) v1.1 or v 1.2. While both versions are accepted by the PCI-SSC, TLS 1.2 is highly recommended andmany payment gateways and processors will utilize the most current TLS 1.2 version. Merchants should consult withtheir QSA to confirm that they are meeting their requirements for on premise solutions as well as those solutionsprovided by a Service Provider or partner.The PCI-DSS v3.2 requires all entities subject to the PCI-DSS to migrate to TLS 1.1 and 1.2 by June 2018. Merchantswho have not migrated to TLS 1.1 and 1.2 not only face non-compliance but also may not be able to utilize third-partyservices that have already migrated. Please discuss your plans with your QSA; you may reference the PCI SSC’sguidance here. It is also recommended that you verify when your payment provider is requiring TLS 1.1 or 1.2, as manyhave deadlines set prior to June 2018.Also note, it is currently required by PCI DSS 3.2 that Service Providers (such as the Oracle Hospitality Cloud) leverageTLS 1.1 or 1.2 for all new Cloud Service deployments.The Oracle Hospitality portfolio includes systems utilizing different technologies and methods of credit card processing.The following table lists the products affected and the actions required to enable TLS v1.2 for each product:OracleProduct/ServiceIf you process credit cards usinga Standard Magnetic StripeReader imbedded in orconnected to a Workstation,then follow the minimum versionlisted below.If you areusing anExternalPaymentDevice(EMV)All OthersRES 3700RES version 5.0 withCredit Card Driver (v5.1 or higher) isrequired for TLS 1.2: Merchant Link Vantiv First Data Heartland TSYS World PayNo action isrequiredIf you are processingtransactions in a differentmanner or if your PaymentProvider is not specificallylisted in column two, contactyour Payment Providerdirectly for details on whatsteps are necessary if any.Premier Support for RES 5.0 hasended. It is highly recommended thatyou upgrade to RES version 5.4 tofacilitate TLS 1.2 and to have accessto Premier Support which providesfuture security updates, including PCIrequirements, which is not offeredunder Sustaining Support.
OracleProduct/ServiceIf you process credit cards usinga Standard Magnetic StripeReader imbedded in orconnected to a Workstation, thenfollow the minimum versionlisted below.If you areusing anExternalPaymentDevice (EMV)All Otherse7e7 version 4.2 is required for TLS1.2: Merchant Link First Data Heartland SecureNet World PayNo action isrequiredIf you are processingtransactions in a differentmanner or if yourPayment Provider is notspecifically listed incolumn two, contact yourPayment Provider directlyfor details on what stepsare necessary if any.9700For merchants using Merchant Linkas their payment provider, 9700version 4.0 or higher is required forTLS 1.2.No action isrequiredAs 9700 will be out of PremierSupport as of August 2018, it ishighly recommended all customersupgrade to Simphony 2.9 or higherto facilitate TLS 1.2 and to haveaccess to Premier Support whichprovides future security updates,including PCI requirements, whichis not offered under SustainingSupport.Simphony FEFor merchants using Merchant Linkas their payment provider,Simphony 1.7.1 or higher isrequired for TLS 1.2.As Simphony FE will be out ofPremier Support as of March 2018,it is highly recommended allcustomers upgrade to Simphony 2.9or higher to facilitate TLS 1.2 and tohave access to Premier Supportwhich provides future securityupdates, including PCIrequirements, which is not offeredunder Sustaining Support.No action isrequiredIf you are processingtransactions in a differentmanner or if yourPayment Provider is notspecifically listed incolumn two, contact yourPayment Provider directlyfor details on what stepsare necessary if any.If you are processingtransactions in a differentmanner or if yourPayment Provider is notspecifically listed incolumn two, contact yourPayment Provider directlyfor details on what stepsare necessary if any.
OracleProduct/ServiceSimphonyIf you process credit cardsusing a Standard MagneticStripe Reader imbedded in orconnected to a Workstation,then follow the minimumversion listed below.For merchants using MerchantLink as their payment provider,Simphony 2.8.2 or higher isrequired for TLS 1.2.If you areusing anExternalPaymentDevice(EMV)No action isrequiredAll OthersUpgrade to the latest version of thecredit card driver is required for TLS1.2. Merchant Link (upgrade toMerchant Link TVS Driverv4.17.11.28)If you are processing transactionsin a different manner or if yourPayment Provider is notspecifically listed in column two,contact your Payment Providerdirectly for details on what stepsare necessary if any.It is highly recommended allcustomers upgrade to Simphony 2.9or higher to facilitate TLS 1.2 and tohave access to Premier Supportwhich provides future securityupdates, including PCIrequirements, which is not offeredunder Sustaining Support.SimphonyCloudNo action is requiredNo action isrequiredIf you are processing transactionsin a different manner or if yourPayment Provider is notspecifically listed in column two,contact your Payment Providerdirectly for details on what stepsare necessary if any.OPERA 5TokenizedOPERA version 5.0.05 (aka 5.5.0)or later and Oracle database11.2.0.4 or greater is required forTLS 1.2. Merchant Link HeartlandNo action isrequiredIf you are processing transactionsin a different manner or if yourPayment Provider is notspecifically listed in column two,contact your Payment Providerdirectly for details on what stepsare necessary if any.(on-prem orself-hosted)Speak with your Hotel Sales Repto get additional informationregarding specific requirementsaround modules and patchlevels.It is highly recommended allcustomers upgrade to OPERA5.0.05 (aka 5.5.0) to facilitate TLS1.2 and to have access to PremierSupport which provides futuresecurity updates, including PCI1 [O.FOOTER] ENTER TITLE OF DOCUMENT HERE
requirements, which is not offeredunder Sustaining Support.OPERA 5NonTokenized(on-prem orself-hosted)OPERA version 5.0.04 or later andOracle database 11.2.0.4 or greateris required for TLS 1.2. Merchant Link Heartland 3C Payments (CC9 - IFC8)No action isrequiredIf you are processing transactionsin a different manner or if yourPayment Provider is notspecifically listed in column two,contact your Payment Providerdirectly for details on what stepsare necessary if any.No action isrequiredIf you are processing transactionsin a different manner or if yourPayment Provider is notspecifically listed in column two,contact your Payment Providerdirectly for details on what stepsare necessary if any.Speak with your Hotel Sales Repto get additional informationregarding specific requirementsaround OEDS, OXI, IFC8, andweb browsers.As Premier Support ends forOPERA 5.0.04.3 as of March 2018,and as Premier Support has alreadyended for all lower versions, it ishighly recommended you upgradeto OPERA 5.5 to facilitate TLS 1.2and to have access to PremierSupport which provides futuresecurity updates, including PCIrequirements, which is not offeredunder Sustaining Support.OPERACloudNo action is requiredandOPERA 5HostedGiven the high demand for software upgrades and the resources required to complete the upgradesover the next six months, it is highly recommended that all merchants immediately verify your currentsoftware and version. If you are not running one of the solution versions listed above, contact yourpayment provider to clarify their cutover plans as some payment processors have set dates earlier thanJune 30th. Then contact your Oracle sales representative to begin the process to upgrade your system.Delays to start this process, could result in the inability to complete the upgrade prior to the deadline,which will result in the inability to process credit card transactions.2 [O.FOOTER] ENTER TITLE OF DOCUMENT HERE
Oracle Corporation, World HeadquartersWorldwide Inquiries500 Oracle ParkwayPhone: 1.650.506.7000Redwood Shores, CA 94065, USAFax: 1.650.506.7200CONNECT W ITH r.com/oracleCopyright 2018, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and thecontents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any otherwarranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability orfitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations areformed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means,electronic or mechanical, for any purpose, without our prior written permission.Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.oracle.comIntel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license andare trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo aretrademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0618
Reader imbedded in or connected to a Workstation, then follow the minimum version listed below. If you are using an External Payment Device (EMV) All Others e7 e7 version 4.2 is required for TLS 1.2: manner or if your Merchant Link First Data Heartland SecureNet
