From 10th January 2018, Reward Gateway will turn off the Transport Layer Security (TLS) 1.0 and 1.1 encryption protocols which we use across all of our services. 

But don't be alarmed – all this means is that a browser supporting TLS 1.2 or newer must be used when using our products.

Why we're making this change

TLS 1.0 and TLS 1.1 ensure that any communications with us stay private by generating a series of random ‘bytes’ which are used to encrypt a connection.

Unfortunately, vulnerabilities have been discovered in how these versions of TLS operate, including the BEAST and RC4 biases. This means there's a very small chance that someone could read the data being exchanged by us.

Although there is no indication that this has happened, we’re adopting industry best practices and responding to the increased risks.

What this means for end users

A small minority of users that continue to use older browsers will no longer be able to connect to the website anymore. 

These users are already likely to be experiencing other difficulties on sites outside of Reward Gateway as support for these has dropped across the industry. Salesforce, Stripe and all other e-Commerce companies are making similar changes.

How we're communicating it to end users

We're working on a notification which will be displayed to users when we detect that they're using a browser which does not support TLS 1.2. 

This notification will tell them that they will experience difficulties after the above date and suggest a relevant upgrade to avoid this.

Qualys have also published a helpful page that checks the browser being used to see if it will be impacted. If it shows the message "Your user agent supports TLS 1.2" under Protocol Support, the browser will not need to be upgraded.