Protecting the payment and customer data that flows through our system is job 1. To that end, we recently implemented two measures that help ensure the security around that data is as strong as it can possibly be.
The most recent measure was to begin sending postback notifications over secure Https URLs only. This change, which helps ensure that our merchants’ sensitive data are always encrypted in transmission, took effect on September 30th.
This follows our upgrade in May to TLS 1.2 encryption, the latest security standard. Together, these measures significantly bolster our defenses around customer and payment data, and were a key part of our preparations for the EU’s General Data Protection Regulation (GDPR).
Segpay merchants whose postback scripts are not already hosted on an Https URL with TLS 1.2 support should upgrade asap to continue receiving postback data without interruption. Here is one tutorial that helps explain how to upgrade. If you’re looking for a free certificate in order to enable Https, some of our merchants have had success using Let’s Encrypt.