Immediate Action Required
We received urgent information that our users who are on the OpenEdge PayMover (formerly PayPros) platform
are subject to new PCI regulations and will be unable to charge credit cards
after, February 28, 2018 with your current configuration.
Products Affected
Storage Commander V4
Previous versions of SCPayment will need to be updated to work with changes in PayMover's functionality.
Storage Commander V5
(Standalone and Cloud Editions)
Storage Commander V5 (Standalone and Cloud Editions) customers will have to be updated to retain functionality of credit cards via PayMover.
This has prompted our team to develop new updates for your Storage Commander software that will be available shortly for our customers who are current on their support. Out estimated release date for this update is Monday February 19, 2018.
Please note that while our Cloud customers have support included in their
plan, our standalone customers must be current on support to receive this update.
How to identify if you are affected by this change?
Storage Commander V4
If you are processing credit cards directly within Storage Commander V4 and your credit card processor is OpenEdge (previously known as PayPros™) you are affected by this change. If you process credit cards using a separate credit card terminal and manually enter in the approval code into Storage Commander after each transaction you are not impacted by this change. To verify the version of SCPayment that you are running right click on the SCPayment icon located in the system tray icons and select About. The SCPayment version number should be 3.13.0.0. If you are running an older version of SCPayment you will need to update by February 28, 2018. Installation instructions will be made available on our Solutions Portal on Monday February 19th, 2018.
Storage Commander V5 (Standalone and Cloud Editions)
If you are processing credit cards with OpenEdge directly in Storage Commander V5 (standalone and cloud edition) you will want to check your credit card settings within the Configuration Manager to see if you are affected by this change. If you process credit cards using a separate credit card terminal and manually enter in the approval code into Storage Commander you are not impacted by this change. To check your credit card settings log into the Configuration Manager and select Facilities. If you have multiple facilities listed within this screen you will need to confirm the credit card settings for each location. Click on the first facility in the list and select Settings. Within the Facility Details screen select Options. Within the Facility Options screen confirm which Credit Card Processor is currently selected. If the selected Credit Card Processor is PayPros you will need to install the Storage Commander update prior to March 1st, 2018. Storage Commander V5 installation instructions will be made available on our Solutions Portal on Monday February 19, 2018.
Technical Details
OpenEdge (previously known as PayPros™) PayMover Innovo Platform Security Update
The OpenEdge PayMover Innovo platform will no longer accept connections using SSL 3.0, TLS 1.0, TLS 1.1 connections after February 28, 2018. The Payment Card Industry Security Standards Council (PCI SSC)communicated that Secure Socket Layer version 3.0 (SSL v3.0) has vulnerabilities (i.e., POODLE, Freak, Heartbleed related compromises)and recommended removal of SSL v3.0 from all payment processing environments (i.e., processors, acquirers, financial institutions,and merchants). Subsequently, the PCI SSC released version 3.1 of the PCI Data Security Standards (PCI DSS) and indicated that some implementations using early versions of Transport Layer Security(TLS, version 1.0) were also vulnerable. The PCI SSC thus mandated the removal of both SSL v3.0, TLS v1.0 and TLS v1.1 from payment processing environments.