Important PCI-DSS security standard update (June 2017)

We are updating the deprecation timelines for TLS 1.0 and TLS 1.1.

Adyen merchants must upgrade their communication with the live Adyen platform to support TLS 1.2 by February 19th 2018.

The PCI Security Standards Council has specified TLS 1.2 to be the new baseline standard for encrypted communications. 

Early TLS (TLS 1.0 / TLS 1.1) has known weaknesses and therefore does not provide sufficient security. 

We recommend the use of TLS 1.2 to safeguard sensitive cardholder data during transmission over open, public networks such as the Internet.

TLS 1.2 connectivity has been available for some time and earlier TLS versions will be disabled in two phases:

September 25th 2017 - Early TLS disabled on Adyen’s Test platform
February 19th 2018 – Early TLS disabled on Adyen’s Live platform

We encourage scheduling the upgrade as soon as possible to adhere to industry best practices.

What does it mean for Adyen merchants?

Merchants should upgrade server-to-server and modification requests notifications to use TLS 1.2 on February 19th 2018.

Direct API Merchants and Client Side Encryption (CSE) Merchants using early TLS versions need to upgrade their systems to connect to the Adyen platform using TLS 1.2.

Merchants using Adyen’s POS solution may need to upgrade their firmware and/or library versions to support TLS 1.2.

As a general guideline:

  • Merchants using the .NET library will need to migrate to v1.4 or higher.
  • Merchant using Android should use Android OS version 5.0 or higher and library version 1.16 or higher.
  • Merchants using Verifone eVo terminals (Vx820/Vx690/Vx675/Vx680, E315M and E355) on firmware version V1_11 and V1_14 should upgrade to the latest stable version.

Merchants with Hosted Payment Page integrations do not need to make further changes if server-to-server notifications and modifications requests use TLS 1.2.

Please contact your Account Manager or Adyen Support (support@adyen.com) if you have any questions.

For more information on PCI DSS 3.2 please visit the PCI Council’s website.

You can also read through our Frequently Asked Questions section on this topic.

Are you looking for test card numbers?

Would you like to contact support?

Start searching the Adyen blog...

 Blog