Volusion Update: Security Enhancement via TLS Disablement

SecurityImage_Blog_724x390

Attention, Volusion storeowners! We’ve got a security update in the works that we wanted to share, and more importantly, describe how it could impact your online store.

In a nutshell, the Payment Card Industry Security Standards Council (PCI-SSC) recently released FAQs ahead of changes to their data security standards. Among their recommendations, the Security Council heavily encouraged hosting providers to upgrade its Transport Layer Security (TLS) as soon as possible.

With security as one of our top priorities, our IT team is currently working to implement this update, so we wanted to provide you with plenty of advanced notice so you can prepare for the upgrade that could take place at the end of this year. When this does happen, we’ll be disabling TLS 1.0 and moving to TLS 1.1 or 1.2 so we can continue to exceed PCI certification requirements and ensure your customer data remains safe.


What does this update mean for me?
Overall, the impact to your online store is small. The main area to prepare for is in terms of any shoppers or store administrators who try to access your site using Internet Explorer 10 or lower. These users will still be able to access your site without issue, but will receive an error message when visiting secure pages, such as your one page checkout or your admin area. Please note that a very small percentage of web traffic comes from these older browsers.

Customers and administrators who want to continue using Internet Explorer 10 or lower can easily do so with just a few changes to their browser settings. Check out this Knowledge Base article to learn how.

 

 

We’ll be sure to keep you updated as we get closer to the end of the year. If you have any questions in the meantime, don’t hesitate to contact our Support team for more information.

 

About 

Matt Winn is Volusion’s Senior Brand Manager, where he helps oversee the organization’s branding and communications efforts. Matt has created hundreds of articles, videos and seminars on all things ecommerce, ranging from online marketing to web design and customer experience. Beyond being a certified nerd, Matt is an avid college football fan, enthusiastic home cook and a self-admitted reality TV junkie.

44 Responses to “Volusion Update: Security Enhancement via TLS Disablement”

  1. Tim Allen

    As of 20-Mar-2016 Volusion is operating with TLSv1.0 still enabled. This puts us all at risk of losing our PCI compliance certifications with our merchant account vendors. According to this article, TLSv1.0 was supposed to be disabled months ago. What is going on?

    Reply
  2. Avila

    Will this change effect those companies that deal only with PayPal Pro as their credit card provider service?

    Reply
  3. Mike

    Will we need to purchase a different SSL (or should I say TLS) certificate when the update is complete or will the old one suffice?

    Reply
  4. Darrell Fletcher

    Where do I go to upgrade or update my TLS? Is there a number to call or email I can respond to?

    Reply
    • Nathan Joynt

      Darrell, there is nothing you’ll need to do on your end.

      Reply
  5. Garry

    The https://browser-update.org/ seems to be a good solution. Could Volusion review and come up with a procedure to incorporate into checkout files? This would at least monitor the customers browser, notify them it is out of date, and provide a click link for them to update their browser. It also has customizable text so that you can identify the message it gives as coming from your store, so they feel more secure.

    Reply
  6. Garry

    “but will receive an error message” Could you be a little more vague please? I can’t even put in my FAQ that every error received on a secure page is due to this. At least give us what the error message will be so we can specifically address it. Really disappointed in how Volusion is handling this, minimal information, a solution (???) that puts the burden back on their customers and ours, casually stating “only a small number” of users. Any number of u$er$ lost due to Volusion not providing a seamless transition is unacceptable and unbelievable.

    Reply
  7. Julie Simons

    As with several others who have not had the suggestion addressed, is there any way for a popup warning of what the issue is going to be available to assist customers who are slow to update IE? It seems simple enough to have something set to show when the issue is triggered and would go a long way to helping us create good will with our customers who will surely be confused by this.

    Reply
  8. Philip S. Webster

    Only going to lose 10%: that’s amazing… I would be real upset if we did any volume…and Volusion is going to give up this money so easily on their end? Gotta be something else going on here.

    Reply
  9. chris

    For everyone calling this a customer service problem – yes, it may be, but it will be an issue for anyone processing credit cards so all the big box stores and internet giants will have the same customer complaints that we will be getting.

    Personally I am looking into adding this Browser Update script to my site, now rather than wait.
    https://browser-update.org/

    We will probably start telling customers about the new and improved security coming and that some browsers are not able support the enhanced security measures now being implemented to protect them from identity theft and fraud.

    Reply
  10. Tricia

    I would love to see an answer to the several questions about how to educate our customers and a link to help them please.

    Reply
  11. Carson Reinke

    TLS support by browser is available on Wikipedia [http://en.wikipedia.org/wiki/Template:TLS/SSL_support_history_of_web_browsers]. Older versions of all browsers have some impact including Safari and Firefox.

    It is also possible to try and attempt a SSL connection and warn customers if they need to modify settings or upgrade their browser.

    Reply
  12. Sandra Machleit

    I’ve noticed there is little reply to important questions regarding customers using Explorer below 10. In my past experience, the IT department has not been that helpful. Sure do hope you are ready for the store owners during this transition.

    Reply
  13. Lucia Stephenson

    Is there anything that needs to be done on my end? Setting changes, new software, etc.?

    Reply
  14. Amir

    Would you please add a script in our template, to check the IE version for the lower version than IE 10; then set up the browser parameters?

    Reply
  15. Linda Valentyne

    It may be helpful to have a notice saying older versions of there browers creat a secutity problems and will no longer supported and allow us to add PLEASE call xxx xxx xxxx

    Reply
  16. I. Nita

    I agree with JoanI and also feel that the generic message about TLS and the associated solution for checking TLS 1.0 or better using advanced tabs, to be a part of the same message would immensely help all Volusion customers.

    Reply
  17. Joan Bittner

    After the change, will Volusion be able to assess that a customer is using an older version? And if it is will there be a generic message with a link to the knowledge base for them to update their browser after they click to checkout?

    Reply
  18. Nikki

    I am very concerned about this because we certainly do get a lot of customers using IE 9 or lower, I checked. This is going to put a dent in our sales. I am going to need a better solution than just ‘telling my customers to change some settings in their browser” A lot of my customers don’t even know what a ‘browser’ is (even though they are using one). Are you guys working on a fix for this or are you going to just pass this problem along to me, your customer?

    Reply
  19. robert trovato

    what ahhpens when the customers does not have “explorer 10″ and is using another system?

    Reply
  20. Lori Phelps

    Hello – can you tell me please, have always had trouble, all along, with customers trying to purchase from us using Internet Explorer. will this update really work, making it possible for IE users to purchase from us without problems?
    thank you

    Reply
  21. Dinah

    How much is this going to cost us?

    Reply
  22. Aracely Ospina

    Thank you very much for this update! I like to be aware of this kind of changes.

    Reply
  23. Michael Gracy

    So what do you want me to do about this? Just sit back and lose a little business? Is there going to be a way to tell the users why they are getting this error message? And my sites are 100%, from the default.html all the way through, sounds like this will be an issue for guys like me! Mike

    Reply
  24. Ashirah Yosefah

    So how do we go about upgrading the TLS?

    Reply
  25. Christine

    Will this be an automatic change or will you guide us through the process? Thanks!

    Reply
  26. timothy lydon

    thanks for the heads up
    tim

    Reply
  27. Chris Tedesco

    Would you be willing to provide us with a simple add-on that we can put on our store front that includes a link to the Knowledge Base article for anyone using Internet Explorer 10 or lower?

    Reply
  28. Irene Guimera

    What does this mean for users of other browsers such as FireFox, Chrome and Safari?

    Reply
  29. DeAnna Nelson-Fleischaker

    Is there anything we need to due on our end to the Admin site to make the transition?

    Reply
  30. kevin struckhoff

    what about firefox or chrome users? will they be affected?

    Reply
  31. Colleen Kane

    Thank you for all the updates. Trying to learn as much as possible on branding and really growing web site. Thanks for tutorials.
    Best,
    Colleen

    Reply
  32. Andrew K

    Currently, a bit over 5% of our traffic comes from IE 10 and lower. While that does qualify as a small percentage, it is still quite significant when multiplied by our total volume. Not negligible at all. We want to continue to offer the best site experience for all our visitors, even if they are using older technology. What options may we have to communicate the necessary browser configuration settings to users who encounter this issue and may not call us to ask? Could Volusion provide some kind of modal dialog during checkout to guide users?

    Reply
  33. Cynthia Vandendriessche

    Will this change effect those companies that deal only with PayPal Pro as their credit card provider service?

    Reply
  34. Kathy C

    Will this change have any effect on Firefox or Safari users?

    Reply
    • Nathan Joynt

      Hi Kathy, no, the only browser and versions impacted are Internet Explorer 10 and below.

      Reply
  35. Andrew Cross

    Okay… sure to be a problem, as many customers have old computers and don’t auto update. My question / concern is what about all the other BROWSERS? We use Chrome, and have used Firefox.
    And tablets, and smart phones, that customers are starting to use, to place orders. Are those systems going to be able to handle the new level of security, or just create a lot of unhappy customers who take there business elsewhere when they get Check Out Security warnings?

    Reply
  36. Lewis German

    Will these people get a message instructing they why their browser won’t work and how to correct their problem?

    Reply

Leave a Reply