5 November 2014
Category PCI-DSS, Security
5 November 2014,

Recently, a vulnerability in SSLv3 was discovered and exploited using an attack method called POODLE.  Due to this vulnerability, many service providers have decided to require TLS for secure communications going forward. (more about POODLE here: http://en.wikipedia.org/wiki/POODLE)

As of November 4th, 2014, Authorize.Net has permanently disabled SSLv3 due to the POODLE vulnerability in older versions of SSL (http://www.authorize.net/blog/?page_id=5561617).

Platypus 5 uses an SSLv3 implementation for the Authorize.Net integration.  Therefore, credit card transactions began failing on the morning of November 5th, 2014.  We are aware of the issue and will be working to distribute a credit card library that will allow the continued processing of Authorize.Net transactions from Platypus 5.0.  This library should be available on November 6th, 2014.

Platypus 6 and Platypus 7 utilize a TLS implementation and are unaffected.  IPPay integrations with Platypus 5 and above will continue to work as it uses a different library for secure communication.

We will post an update when the library becomes available and/or other processors are affected.

Comments are closed.