Wind River Financial is committed to helping our merchant clients better understand how they can best protect their businesses and customers. As part of this commitment, we sent out a communication alert to our clients on Tuesday, October 21, 2014 concerning the vulnerability found in SSL 3.0 called POODLE.
This vulnerability could allow a hacker to carry out an attack to decrypt secure HTTP cookies, which could let them steal information or take control of the victim’s online accounts. Within the communication, we notified you that our processing partner TSYS was discontinuing support of SSL 3.0 when accessing eConnections, their online reporting tool.
Since that alert, many technology solution providers, including some gateway partners, have already made indications that they will stop supporting SSL 3.0. Wind River Financial strongly recommends that clients should address this with their internal IT, Information Security, and/or Risk Management staff and have them connect with their other solution partners to assess the potential vulnerability within your current configurations.
Please review the communication link from Visa which provides guidance to mitigate this vulnerability.