The information that follows is of a highly technical nature, will have a significant impact on business operations and should be reviewed by one of the following ASAP:
- The owner or operations manager
- Your IT director or resource
- Your in-house web programmer/system administrator
Who is Affected by this?
This is not about "Everest": this affects any merchant processing credit card payments on PayPal's older payment gateways / APIs.
Everest uses HTTPS to securely connect to PayPal’s servers for processing credit cards. This is handled by having the appropriate host in the processor detail screen - "payflowpro.paypal.com". When Everest communicates with the PayPal Payflowpro gateway it uses the TLS1.0 and/or SSL3.0 protocol to encrypt the data. The problem is that TLS1.0 and SSL3.0 both have vulnerabilities and are being phased out. To ensure the security of customers and merchants, credit card processing gateways must now adhere to industry best practices as set by the PCI Security Council; as a result, PayPal is updating its services to require TLS 1.2 for all connections.
Is this for real? There have been security updates before ...
This is very real. On Tuesday, April 17th, 2018 at 8 am PT, PayPal conducted a test as part of their published schedule leading up to the April 30 and June 30 deadlines. Less than 10 minutes into the test, the support queue for MARTEC360 had 3 support tickets related to credit cards not processing. Below are screenshots of the Everest CC processing status window of the "before" and "after" tests applying the PayflowPayments.com solution by MARTEC360. In both test cases, all of the appropriate security setting changes had already been applied to the server. This means that simply applying all of the security cryptography updates on the servers will not, on its own, solve the problem.
Payflowpro with no changes
11:09am ET: Simulation of "doing nothing" while only having security settings applied on the server.
What does PayPal recommend?
PayPal and other gateways assume merchant organizations are using software from vendors that are still in business, that they have proper maintenance/updates on the software or have access to the source code of the software so that developers may make updates such as TLS1.2.
Unfortunately, this is not a real-world scenario for thousands of merchants, who need an alternative path forward to compliance because they cannot make these updates. To be more specific, this is the case in the Everest community, where hundreds of companies are using older versions of the software which do not have the means to update to TLS1.2.
Below is a diagram of what PayPal recommends organizations do. The "red path" represents the Everest community. Because of this, companies using Everest Software versions 3, 4, 5, or version 6 should take action NOW so that they have a seamless transition to TLS1.2 credit card processing.
What does the Payflow Payments Solution do?
The PayflowPayments.com Solution by MARTEC360 works in the background and handles the necessary TLS1.2 communication without Everest customers needing to update any lines of software code or deal with any of the network security layers themselves. As a result, you can seamlessly continue working into the future uninterrupted.
What Customers are Saying
I had no idea that my business was even going to be affected by this update. It would have been crippling to have lost credit card processing in the peak of our busiest time of year with no warning. It was nice to know that our partner Payflow Processing by MARTEC360 was already ahead of the problem with a solution.
Robert - President / CEO
With multiple retail locations along with our online sales, we would have been "done". The setup was easy, the team took care of everything and after some test transactions ... we were live. Great work!
Lee - President / CEO
For more than 10 years, MARTEC360 has given us the ability to deliver bottom-line growth based on their high-level marketing and technology strategy. They have proven to be the missing piece in the puzzle that most small to mid-sized businesses like ours needed.
Chris - President/CEO
We had never accepted credit cards other than through PayPal. We had just set everything up Payflow Pro when the April deadline was identified ... thankfully, the MARTEC360 team was already ready with their PayflowProcessing solution.
Jack - President
Everest TLS1.2 Credit Card Processing FAQs
PCI is for the Payment Card Industry Security Standards Council. The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
June 30th, 2018.
30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.
MARTEC360, an industry leader in the marketing and technology solutions and services space, developed the solution and process behind PayflowPayments.com in order to solve the problem for a cluster of customers they work with. These organizations all run Everest Software, an ERP platform.
While working on the solution it became clear this challenge had far-reaching implications not just limited to the Everest community.
The following versions of Everest are all affected by this change. Version 7 may also be affected; however, Payflow Payments and MARTEC360 have not yet tested it.
Everest version 3.x
Everest version 4.x
Everest version 5.x
Everest version 6.x
Customers on version 7.x should first contact Everest Support directly to see if there is a patch/update as part of their maintenance. If you run into any problems, our solution will work with version 7.x as well.
In short, you will not be able to process credit cards.
On April 17th, at 8am PT / 11am ET, PayPal ran a test as part of their technical testing windows. Within minutes, multiple customers had reached out to MARTEC360 for support on why their credit cards were not working. During this same test, MARTEC360 populated the payment settings into the File > Setup > Accounting > Processors details window for our beta environment. While the live server was failing with an error "Denied:Failed to connect to host Input Server Uri=https://payflowpro.paypal.com", our server was providing "approvals".
If you would like to test it on your own ahead of time, follow the steps below.
1. File > Setup > Accounting > Processors
2. Select your processor for payflowpro
3. Temporarily change the processor from "payflowpro.paypal.com" to "pilot-payflowpro.paypal.com".
4. Process a test transaction with a credit card connected to the processor
The result will be a URI error. You will not be able to process credit cards without the PayflowPayments.com solution.
Make sure to change your processor back to the "payflowpro.paypal.com" after this test so that in the meantime you are processing credit cards.
The solution for Everest has a setup fee associated with each application server. The first application server has a $2500 setup fee. The remaining application servers will be charged at a reduced rate per server. Each application server must have these setup steps because each application server communicates directly with the processing gateways.
Additionally, because the MARTEC360 solution operates as an intermediary service, there is also a yearly subscription fee of $1200. The processing subscription is per "Everest company" processing credit cards.
NOW! Why risk your business and wait any longer than you have to? By getting your spot confirmed in the implementation queue you can guarantee yourself a seamless transition into secure TLS1.2 processing.
We are offering the following promotions in order to help you beat the rush on the deadlines.
April: $500 off the setup fee
May: $250 off the setup fee
before June 15: $150 off the setup fee
after June 15: no further promotions