TLS 1.0 Permanently Disabled

Just before 7AM EDT on Sunday July 1, Cayan permanently disabled TLS 1.0 in both of our data centers, per PCI's industry-wide mandate. If you attempt to process a transaction using TLS 1.0 through any of the Cayan offered API's, the request will fail and your transaction will not be processed. Additionally, attempting to access any Merchant or Partner portal from a workstation which does not support or have TLS 1.2 enabled, will result in failure of the page loading.

Please refer to our TLS Help Center for additional information on why this change has been implemented, what systems are impacted and suggestions for configuring and resolving issues which may be related to this change.

Are you ready for the end of TLS 1.0?

As today's hackers continue to find new and more sophisticated ways to steal customer data, the Payment Card Industry (PCI) needs to continue to find ways to stay one step ahead. That’s why the PCI Security Standards Council (SSC) has declared that the widely-used Transport Layer Security (TLS) 1.0 encryption method is no longer secure enough to keep sensitive information safe. Therefore, the PCI Security Council has mandated that TLS 1.0 must be disabled by June 30, 2018.


If your POS doesn’t support TLS 1.1 or 1.2 by July 1, 2018, you will no longer be able to process card transactions as of that day. If this happens, you’ll have to contact everyone involved in your payments, starting with your POS provider and payment processor, to find out which systems need to be updated. As a result, you’ll likely lose sales and revenue because you won’t be able to process cards during this time.


Cayan’s Genius terminals are prepared for this deadline, already supporting TLS 1.2, as do its Virtual Terminal, Portals, and Payment Gateway. During its early-morning maintenance window on July 1, 2018, Cayan will disable support for TLS 1.0 in all its products, as mandated by the PCI Security Council.

Since the deadline was announced in 2015, Cayan has been working with its POS partners and merchants to ensure that they are ready for the upcoming deadline. To help educate its merchants and draw attention to this deadline, Cayan will be implementing a series of short, scheduled brownouts in production.

These brownouts are brief scheduled periods where Cayan will be disabling TLS 1.0 in all its products. Merchants whose Point of Sale does not support TLS 1.1/1.2 will be unable to process credit card transactions for the duration of the brownout. Merchants whose Point of Sale does support TLS 1.1/1.2 will be unaffected by these brownouts. Merchants affected by the brownouts are strongly encouraged to contact their POS provider to update their solution. We’ve intentionally left three weeks’ time between brownouts to give merchants time to bring their systems into compliance.

Below are the scheduled brownout periods:
  • Monday, April 23: 1000-1030am EST
  • Tuesday, May 15: 1200-100pm EST
  • Wednesday, June 6: 200-300pm EST
  • Thursday, June 14: 1200-130pm EST
  • Friday, June 22: 300-500pm EST
  • Thursday, June 28: 400-700pm EST
Cayan reserves the right to alter the above brownout schedule as necessary.


July 2018 may seem like a long way off, but prior history with large payment technology changes, such as the EMV chip card switchover and the SHA update, indicate merchants should plan for this far in advance. The key to avoiding disruptions on July 1, 2018 is being prepared and updating to TLS 1.1 or 1.2 as soon as possible.


Get in touch with your POS provider as soon as possible. Find out what version of TLS they’re currently supporting and ask them what their plan to update looks like.


You can avoid brownouts and avoid the blackout coming on July 1st by acting now. Contact your POS provider.
Put the Genius of Cayan to work for your business.