VPCart Sage Pay Gateway Is Compatible With Upcoming TLS Security Updates
For Sage Pay merchants, recently you must have received the below email from Sage Pay regarding their upcoming TLS1.2 update.
Important Reminder TLS 1.2 update
Further to our previous emails we want to remind you about the important update to payment processing which will be happening soon. To avoid the busy Easter weekend, the new planned date for the change is Thursday 5th April.
Sage Pay are committed to ensuring the highest levels of security across all our systems. With this in mind, we're upgrading the protocols that are used to secure all external connections to our systems to the latest and safest. We contacted you in November to let you know of these imminent changes to the protocols used to secure connections to our systems. The updates to our Test Server connections were completed in January as planned.
This is not an action Sage Pay is taking alone, all websites that send or process credit card data will be making this change to protocol Transport Layer Security 1.2 (TLS 1.2). This will become mandatory for communication with Sage Pay.
The next steps are to make the same changes to our Live Server in March 2018. Please see below for a reminder of the key information about the action you need to take to prevent disruption to your payment processing and the important dates.
What is TLS?
You or your developer can find out which TLS protocol your website uses by
entering your domain on a website like www.ssllabs.com
Am I impacted?
If you use "Sage Pay Server" or "Sage Pay Direct" Integration to process ecommerce payments you will need to ensure your systems use TLS 1.2 before the deadline dates below.
If you use "Sage Pay Form" or use the Sage Pay Virtual Terminal for Telephone or Mail Order payments you will not need to make any changes.
You can find out which Integration system you currently use by locating any transaction in MySagePay, clicking the 'Additional Details' tab on the left menu, and viewing the "System Used" detail shown.
When will the changes happen?
To avoid any disruption to Live Payments, your systems will need to be ready for this change by 5th April 2018.
Why are you making these changes?
The PCI Security Council sets the rules on which technologies are acceptable for use in sending cardholder data. They have identified TLS 1.0 or 1.1 as no longer acceptable
We understand that technical information of this nature can seem daunting, please pass the information above to your development team, web hosting provider or e-commerce software provider if you are unsure.
Therefore, if you continue to get the notification e-mail from Sage Pay you can ignore it.
For older VPCart versions (v7, v650 etc..) that still use older version of Sage Pay gateway, we would suggest you to upgrade to our very latest VPCart version and then only use the Sage Pay Form gateway that you can download from https://www.vpasp.com/sales/epdownload800.asp.
For those who is seeking for a very stable and TLS 1.2 compatible web hosting, you may want to review our hosting package at :
If you have any questions regarding this, please submit a helpdesk ticket to us at https://helpdesk.vpcart.com.
VPCart Customer Care