Ask HN: How to deal with vendors who run outdated TLS?
4 by nvahalik | 0 comments on Hacker News.
Someone I know uses a custom point-of-sale system that is tied to their business. It does not only order management, but it also processes transactions and handles customer information. Today I get a frantic message from this person that their browser says the site is insecure and refuses to load it. They cannot access their order information or process payments. This person is runs a small (franchised) business. But they are worried about the security of the system that they are using. I put in the URL for the POS system into the ssllabs.com tests and sure enough, it scores an "F", runs TLS 1.0, etc. What makes matters more complicated is that there has been some chargeback fraud happening. It is probably unrelated to this, but it makes one wonder. Given that there are PCI considerations, is there any recourse as a franchisee to something like this? They could refuse to use the system, but are afraid of losing orders or being accused of some franchise agreement breach. My advice so far has been to yell as loud as possible, provide documentation, make as much noise as possible, and use cash/check/PayPal to process payments until the provider get the issue resolved. The provider was frustrated that this person wouldn't just use Internet Explorer, since that's what they suggest everyone else to do. Any advice here? What would you do?
Don't forget to subscribe our youtube channel Click here:- http://www.youtube.com/c/techgk Product of the day
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment