*** Important Notice *** – Windows XP and Windows Server 2003 No Longer Supported


*** Important Notice ***

Windows XP and Windows Server 2003
No Longer Supported by Cayan (Merchant Warehouse)

If you have any computers still using Windows XP or a server running Windows Server 2003, as of May 18th, 2015 you won’t be able to get credit card approvals unless you either upgrade the operating systems or apply patches to those operating systems making them more secure.

If you do not understand what you are about to read below, please contact your IT professional (not flowerSoft) to help you upgrade your obsolete computer system(s).

You should have received an email from Cayan (Merchant Warehouse) stating:

Cayan is dedicated to maintaining a high level of security and protecting all communications with our partners and merchants. On May 18, Cayan will be taking steps to further protect the privacy and security of our partners’, merchants’ and cardholders’ data. First, Cayan will no longer support the use of the RC4 cipher used to encrypt data. This cipher is considered weak and are susceptible to attack, and is disallowed by PCI. Cayan supports the more secure DES and AES ciphers. Second, Cayan will begin using stronger digital certificates, issued by DigiCert. These changes increases the certificate’s strength to use 2048 bits and uses the more secure SHA-2 hash algorithm instead of MD5, which is considered weak and is susceptible to attack.

To prevent our systems from being exposed to these threats, Cayan will be making changes to its security protocols on May 18.

What systems are affected?

Any system that makes an encrypted connection to Cayan and only uses the RC4 cipher. Any system that does not have the DigiCert Global Root CA certificate in its certificate store. Any system that makes an encrypted connection to Cayan using only the MD5 hashing algorithm. This includes web browsers, points of sale, and terminals.


Please click on the link below after you read this if you think you may be affected by this change:
https://cayan.com/ssl


How do I know if I am affected? Is there a way for me to check my terminal or point of sale?

Most modern operating systems will not be affected by this change. Some older operating systems (such as Windows XP, Windows POSReady 2009, and Windows Server 2003) will work, but require certain patches to be applied, described below. Other older operating systems (such as Windows 2000) do not support these modern security protocols and are no longer receiving updates from their respective vendors. Because of this, these systems are not PCI compliant and will not be supported by Cayan beyond May 18. Please consult your IT department for the specific ciphers your systems support.

If you are able to visit this test page from a web browser on your point of sale without seeing any warnings or errors, you are likely unaffected by these changes.

What will happen if I am affected?

If you fall into one of the above categories and you do not take corrective action by May 18th, you will not be able to process transactions as Cayan will no longer support these insecure security protocols.

I believe that I will be affected by this change. What corrective actions should I take?

In accordance with PCI standards, Cayan always recommends using operating systems that are being actively supported and updated by their vendors. Operating systems such as Windows Server 2000 and Windows XP have fallen out of support with Microsoft. Additionally, Microsoft will no longer support Windows Server 2003 beyond July 14, 2015. These out of date systems may presently work with Cayan’s payment gateway, but they do not use up to date security standards, may be susceptible to attack, and cannot be certified as PCI compliant, as they are no longer receiving updates from Microsoft. Because of their age, it is unlikely that Cayan will be able to support these systems much further into the future.

Before May 18:

Please ensure that you have installed the latest service packs and updates from your operating system vendors and point of sale vendors. For Windows XP, this means that you must be updated to Service Pack #3. Windows POSReady 2009 is based on Windows XP Service Pack #3, and should not require any additional updates. For Windows 2003, this means that you must be updated to Service Pack #2. Windows 2003 users must also install the following hotfix from Microsoft to enable SHA-2 based encryption. On Windows XP, Windows 2003, and Windows POSReady 2009, Cayan strongly recommends upgrading your browser to Internet Explorer 8, which is the latest version of that browser supported on those platforms. Windows 2000, Millennium, and earlier are not supported by Cayan.

Older operating systems such as Windows XP and POSReady 2009 require that you download the DigiCert Global Root CA certificate and install it into your point of sale’s trusted key store. On a Windows system, you can do this by double clicking the certificate once you have downloaded it and then following the prompts on screen.


To download the certificate from Digicert:
http://cacerts.digicert.com/DigiCertGlobalRootCA.crt


For enterprise deployments (e.g. supporting multiple points of sale, potentially across multiple physical locations/storefronts), you may wish to use Windows Group Policy to install this certificate and these security patches onto multiple machines. Please consult your IT department for more details.

I took corrective action. How can I test that everything worked?

If you are able to visit this test page from a web browser on your point of sale without any warnings or errors, it is likely that your system will work after Cayan’s switchover on May 18th.

Cayan has also set up a test environment with these security settings already applied. This environment is reachable via its external IP of 63.128.13.166. Please consult your IT department and/or POS vendor for instructions on how to validate your system against Cayan’s test environment.

For questions regarding this, please contact Cayan’s technical support team at 855-273-4203


Please click on the link below after you’ve read this if you think you may be affected by this change:
https://cayan.com/ssl


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s