NCR Secure Pay Ending Early TLS Support by June 12, 2018

NCR SecurePay Ending Support for Early TLS Connections by June 30, 2018

March 7, 2018

Payment Card Industry Data Security Standards (PCI DSS) require all PA-DSS validated payment applications to discontinue the use of “early TLS” (i.e., all versions of SSL and TLS 1.0) by June 30th, 2018.

To comply with this PCI DSS requirement, NCR Secure Pay will no longer accept early TLS connections (i.e., all versions of SSL and TLS 1.0) after 2:30 A.M. on June 12th, 2018.
NCR Corporation

You are likely wondering what this means for NCR Counterpoint. The oversimplified answer is this: if you are using NCR Secure Pay, you must take some action in advance of June 12th, 2018 to continue to process credit cards.

The more complex answer is this: There are two categories that NCR Counterpoint and NCR Secure Pay users will fall into:

  • Clients on V8.4.6.18, V8.5.2.1, or V8.5.4 using NCR Secure Pay
    You will have a path forward as NCR releases service packs or patches for those specific versions. NCR has release plans for patches for these three versions only. Please remember that these dates are estimates at this time; nothing has been released yet.

    • V8.5.4 Patch 002: Available Now
    • V8.5.2.1 Patch 004: Available Now
    • V8.4.6.19 Service Pack: Available Now
  • Clients on any version other than V8.4.6.18, V8.5.2.1, or V8.5.4 using NCR Secure Pay
    You will have a path forward that will require a version upgrade plus the version specific service pack or patch. Version upgrades frequently have new system requirements that may require you to also upgrade hardware such as server hardware, operating systems, and Microsoft SQL versions.

Failure to follow these steps will result in Counterpoint not being able to connect to NCR Secure Pay and you will not be able to process payments.

NCR indicates that the expected error should be something along the lines of “could not connect”, for example: “The client and server cannot communicate, because they do not possess a common algorithm”.

System requirements in terms of supported Operating Systems (Windows version) for the Counterpoint versions of V8.4.6.18, V8.5.2.1, and V8.5.4 have ranged from Windows XP and POSReady 2009 up through Windows Server 2012 R2 and Windows 10, and this is where you might be most highly impacted by this PCI DSS requirement. We recommend you visit every Server, Workstation, and POS Terminal to identify and record the Operating System installed and check it to see if TLS 1.2 is enabled by going to this URL from that specific computer: https://howsmyssl.com

Patch / Upgrade Quick Reference Tool

We have prepared a quick reference tool below that helps you determine your upgrade / update path along with TLS 1.2 compatibility based on selecting your current version of NCR Counterpoint and Microsoft Windows Operating System together.


Counterpoint Upgrade Required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

By default, TLS 1.2 is supported and enabled in Windows 8.1, Windows 10, and Windows Server 2012 R2. Thus, no additional configuration is required to use TLS 1.2 with these operating systems.

Counterpoint Upgrade Required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

If your NCR Counterpoint workstations are running Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, first ensure that you have installed all current Service Packs, updates, and security patches.

To enable TLS 1.2, create the registry setting entries (in the Client subkey) that are specified in the TLS 1.2 section of the Transport Layer Security (TLS) registry settings page in the Microsoft Documentation Library.

If you are using Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, you can verify whether TLS 1.2 is supported and enabled on each of your NCR Counterpoint workstations by using Microsoft Internet Explorer to access the How’s My SSL? Website (https://howsmyssl.com). Only use Internet Explorer to verify that your workstation is using TLS 1.2; other browsers do not use the Windows TLS system and may display incorrect results.
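For the per-machine audit described above, the following PowerShell sketch reports the operating system and the state of the TLS 1.2 Client subkey. It is an added example, not code from NCR or from the original notice; the registry path and the `Enabled` / `DisabledByDefault` value names are taken from Microsoft's TLS registry settings documentation rather than from this page, and the function name `Get-Tls12ClientStatus` is hypothetical.

```powershell
# Added example (not NCR's or the page author's code): report whether the
# SCHANNEL TLS 1.2 Client subkey is configured on this machine.
$Tls12Client = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'

function Get-Tls12ClientStatus {
    param([string]$KeyPath = $Tls12Client)

    # Get-WmiObject is used because it exists in PowerShell 2.0 (Windows 7 / 2008 R2).
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version

    $enabled = $null
    $disabledByDefault = $null
    if (Test-Path -Path $KeyPath) {
        $props = Get-ItemProperty -Path $KeyPath
        $enabled = $props.Enabled                     # $null when the value is absent
        $disabledByDefault = $props.DisabledByDefault
    }

    # An explicit "off" in the registry overrides the OS default on any version.
    $explicitOff = (($enabled -ne $null) -and ($enabled -eq 0)) -or
                   (($disabledByDefault -ne $null) -and ($disabledByDefault -ne 0))
    # Explicit "on": Enabled is non-zero and DisabledByDefault is 0.
    $explicitOn  = ($enabled -ne $null) -and ($enabled -ne 0) -and
                   ($disabledByDefault -ne $null) -and ($disabledByDefault -eq 0)

    if ($explicitOff) {
        $status = 'TLS 1.2 client DISABLED in registry'
    } elseif ($ver -ge [version]'6.3') {
        # Windows 8.1, Windows Server 2012 R2, Windows 10: on by default.
        $status = 'TLS 1.2 client enabled (OS default)'
    } elseif (($ver.Major -eq 6) -and ($ver.Minor -eq 1)) {
        # Windows 7, POSReady 7, Windows Server 2008 R2: needs the Client subkey values.
        if ($explicitOn) { $status = 'TLS 1.2 client enabled (registry)' }
        else { $status = 'TLS 1.2 client NOT enabled: Client subkey values missing' }
    } else {
        $status = 'OS not covered by the TLS 1.2 guidance on this page'
    }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; OS = $os.Caption; OSVersion = $os.Version
        Enabled = $enabled; DisabledByDefault = $disabledByDefault; Status = $status
    }
}

Get-Tls12ClientStatus | Format-List Computer, OS, OSVersion, Enabled, DisabledByDefault, Status
```

The registry values show configuration only; the Internet Explorer check against https://howsmyssl.com remains the test of what the workstation actually negotiates.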

Counterpoint Upgrade Required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

Operating System(s) not supported, systems must be replaced

Counterpoint Upgrade Required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

NOTICE:
NCR does not currently plan to test or support TLS 1.2 with Windows Embedded POSReady 2009. Although Microsoft has released a patch to add support for TLS 1.2, merchants who wish to continue using POSReady 2009 must do so at their own risk.

We strongly recommend upgrading any workstation that is running Windows POSReady 2009 to a newer, supported operating system.

Counterpoint update to Service pack 8.4.6.19 required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

By default, TLS 1.2 is supported and enabled in Windows 8.1, Windows 10, and Windows Server 2012 R2. Thus, no additional configuration is required to use TLS 1.2 with these operating systems.

Counterpoint update to Service pack 8.4.6.19 required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

If your NCR Counterpoint workstations are running Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, first ensure that you have installed all current Service Packs, updates, and security patches.

To enable TLS 1.2, create the registry setting entries (in the Client subkey) that are specified in the TLS 1.2 section of the Transport Layer Security (TLS) registry settings page in the Microsoft Documentation Library.

If you are using Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, you can verify whether TLS 1.2 is supported and enabled on each of your NCR Counterpoint workstations by using Microsoft Internet Explorer to access the How’s My SSL? Website (https://howsmyssl.com). Only use Internet Explorer to verify that your workstation is using TLS 1.2; other browsers do not use the Windows TLS system and may display incorrect results.

Counterpoint update to Service pack 8.4.6.19 required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

Operating System(s) not supported, systems must be replaced

Counterpoint update to Service pack 8.4.6.19 required

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

NOTICE:
NCR does not currently plan to test or support TLS 1.2 with Windows Embedded POSReady 2009. Although Microsoft has released a patch to add support for TLS 1.2, merchants who wish to continue using POSReady 2009 must do so at their own risk.

We strongly recommend upgrading any workstation that is running Windows POSReady 2009 to a newer, supported operating system.

Counterpoint Patch 004 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

By default, TLS 1.2 is supported and enabled in Windows 8.1, Windows 10, and Windows Server 2012 R2. Thus, no additional configuration is required to use TLS 1.2 with these operating systems.

Counterpoint Patch 004 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

If your NCR Counterpoint workstations are running Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, first ensure that you have installed all current Service Packs, updates, and security patches.

To enable TLS 1.2, create the registry setting entries (in the Client subkey) that are specified in the TLS 1.2 section of the Transport Layer Security (TLS) registry settings page in the Microsoft Documentation Library.

If you are using Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, you can verify whether TLS 1.2 is supported and enabled on each of your NCR Counterpoint workstations by using Microsoft Internet Explorer to access the How’s My SSL? Website (https://howsmyssl.com). Only use Internet Explorer to verify that your workstation is using TLS 1.2; other browsers do not use the Windows TLS system and may display incorrect results.

Counterpoint Patch 004 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

Operating System(s) not supported, systems must be replaced

Counterpoint Patch 004 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

NOTICE:
NCR does not currently plan to test or support TLS 1.2 with Windows Embedded POSReady 2009. Although Microsoft has released a patch to add support for TLS 1.2, merchants who wish to continue using POSReady 2009 must do so at their own risk.

We strongly recommend upgrading any workstation that is running Windows POSReady 2009 to a newer, supported operating system.

Counterpoint Patch 002 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

By default, TLS 1.2 is supported and enabled in Windows 8.1, Windows 10, and Windows Server 2012 R2. Thus, no additional configuration is required to use TLS 1.2 with these operating systems.

Counterpoint Patch 002 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

If your NCR Counterpoint workstations are running Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, first ensure that you have installed all current Service Packs, updates, and security patches.

To enable TLS 1.2, create the registry setting entries (in the Client subkey) that are specified in the TLS 1.2 section of the Transport Layer Security (TLS) registry settings page in the Microsoft Documentation Library.

If you are using Windows 7, Windows Embedded POSReady 7, or Windows Server 2008 R2, you can verify whether TLS 1.2 is supported and enabled on each of your NCR Counterpoint workstations by using Microsoft Internet Explorer to access the How’s My SSL? Website (https://howsmyssl.com). Only use Internet Explorer to verify that your workstation is using TLS 1.2; other browsers do not use the Windows TLS system and may display incorrect results.

Counterpoint Patch 002 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

Operating System(s) not supported, systems must be replaced

Counterpoint Patch 002 required.

  • TLS 1.2 must be enabled
  • Upgrade, service pack, or patch must be applied

NOTICE:
NCR does not currently plan to test or support TLS 1.2 with Windows Embedded POSReady 2009. Although Microsoft has released a patch to add support for TLS 1.2, merchants who wish to continue using POSReady 2009 must do so at their own risk.

We strongly recommend upgrading any workstation that is running Windows POSReady 2009 to a newer, supported operating system.

Should you have older systems in your environment that will require a hardware or operating system upgrade before your Counterpoint software can be upgraded, please refer to the NCR Online Help Topics for System Requirements to know what is currently supported.

Please allow us to help you be prepared in advance of June 12th 2018 by reaching out to your Account Manager or Helpdesk with any level of question you might have. We know this topic is very technical and could be confusing, but we are here to help.

Please call 757-482-6343 or 888-476-7911 Press 1 for Helpdesk or 2 for the Sales team, or email [email protected]