Clinging to TLS 1.0 Puts Sites Outside PCI DSS ComplianceClinging to TLS 1.0 Puts Sites Outside PCI DSS Compliance
More than half of organizations could be out of compliance, new research shows.
August 22, 2018

When an old protocol refuses to die, it can have a major impact on security — and cause an organization to fall out of regulatory compliance. Case in point: New research from Panorays shows more than half of organizations could be out of PCI compliance because they just can't let go of TLS 1.0.
Panorays' review of 1,150 organizations indicated that 52% use TLS 1.0 on all of their websites (a total of 29,000), while another 45% use TLS 1.0 on at least one site. PCI DSS requires organizations to replace TLS 1.0 with TLS 1.1 or 1.2. The older protocol has been shown to be more vulnerable to man-in-the-middle and other attacks than its replacements.
Among the reasons speculated for companies retaining TLS 1.0 on their websites are the need to take care of endpoint users with old browsers and applications that don't support newer versions of TLS, and a lack of awareness of the PCI DSS requirements.
Read more here.
About the Author(s)
You May Also Like
Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023What's In Your Cloud?
Nov 30, 2023