Knowledge Base

PCI Security and Browser Support

All connections to Click & Pledge payment pages use a secure web connection as indicated by the "https" and/or Green Padlock in the address bar. There have been different communications configurations (Protocols) used over the years to create a secure connection. Unfortunately, some of the older ones are no longer secure.

SSL 2.0 and 3.0, and TLS 1.0 are vulnerable to "Man-in-the-middle-attacks". This vulnerability is known as the "POODLE" vulnerability, which was a major topic in the media in the last quarter of 2014. At the time only affected SSL 2.0 and 3.0. It was later determined that TLS 1.0 was susceptible to a similar means of attack.

In order to maintain a secure connection for our customers, Click & Pledge disallowed SSL 3.0 on all systems in November 2014. We have also phased out the use of TLS 1.0 over the last few months as the percentage of browsers that can use TLS1.1 and above reached an acceptable level.  

Many browsers now update encryption settings automatically. A notable exception, however, is Microsoft's Internet Explorer. IE 9 and below are not supported. IE10 does not allow TLS1.1+ connections by default but the user can change those settings. See >this help article for information on setting up IE10.  
Click & Pledge suggests you acquire an SSL key to secure your website before embedding payment forms. Below is a list of the minimum version that supports TLS1.1 and above for each of the major browsers.

Minimum Browser Version that supports TLS 1.1+ Encryption

Browser

Version

Operating Systems Covered

Chrome 22 Win 7,8,10 - OS X- iOS - Android - Linux
Firefox 27 Win 7,8,10 - OS X- iOS - Android - Linux
Google Android Browser Android 5.0+ >Android 5.0+
Opera 14 Win 7,8,10 - OS X - Android - Linux
Opera Mini/Coast 14 Android - iOS
Internet Explorer 10* Windows 7, 8
Internet Explorer 11 Win 7,8,10
Microsoft Edge 11 (0.11) Windows 10
Safari 5-6**, 7 iOS
Safari 7**, 8 OS X


* Requires manual change in settings SUPPORT ENDS 12-JAN-2016
** Some sites may show instability


Powered by  Desk.com