New PCI DSS Requirements for Credit Card Processing

March 13, 2018


By now, you may have received notice from your credit card processor or from NCR about upcoming changes to credit card processing that will take place in the next few months.  We wanted to help explain these changes and put them into perspective for your business.

The new Payment Card Industry Data Security Standards (PCI DSS) require all PA-DSS validated payment applications to discontinue the use of early TLS by June 30, 2018.  This includes all versions of SSL and any version of TLS 1.0 or earlier.

To comply with this requirement, NCR Secure Pay will begin requiring TLS version 1.2 for all connections beginning June 5, 2018.  In addition, NCR has released a Counterpoint service pack for version 8.4.6 and patches for versions and 8.5.4 to allow Counterpoint to utilize TLS 1.2.


  What this means for you

In order to continue processing credit cards through Counterpoint after June 5, 2018, you must ensure that you are on a patched version of Counterpoint v8.5.2.1 or v8.5.4 or have applied the v8.4.6.19 service pack.  You must also ensure that you have migrated from CPGateway to NCR Secure Pay as your credit card gateway.

In addition, every computer that accesses Counterpoint must be on an operating system that supports TLS 1.2.  These operating systems include:

Windows Server 2008 R2 (with security patch)
Windows Server 2012
Windows Server 2016

Windows 7 (with security patch)
Windows 7 Embedded (with security patch)
Windows 8.1
Windows 10

Operating systems not listed are not compatible with TLS 1.2 and will not allow credit card processing once TLS 1.2 is implemented.


  Next Steps

To ensure no disruption of service, we recommend the following steps:

(1) Check your Counterpoint version.  You can do this in System | Views | Environment in Counterpoint.  If you’re currently on version or 8.5.4, you still need a patch to enable TLS.  If you’re on version 8.4.6.x, we’ll need to schedule a service pack installation to update your system to or an upgrade to or 8.5.4.   
TLS 1.2 should not be enabled until the rest of this checklist is complete – if you have workstations or servers that are not TLS 1.2 ready, they will not be able to process credit cards once TLS 1.2 is enabled.

(2) Check each of your servers/workstations for compatible operating systems.

Right-click My Computer, My PC, or This PC in file explorer and click Properties.  The operating system will be listed there.  Use the Server / Workstation Operating System Matrix below to help identify areas of concern.

From each machine, launch Internet Explorer and go to  Look at the Version section to ensure TLS 1.2 is being used:

TLS Check

Be sure to run this test from Internet Explorer, even if that is not the default browser.  Other browsers do not use the Windows TLS stack and may display incorrect results.

(3) If you’re still on CPGateway, sign up for an NCR Secure Pay account.

Log in to using your serial number and zip code

You can find your serial number in Setup | System | Registration in Counterpoint.  It should be a 6-digit number that begins with the number 8.

Navigate to Solutions | Payment Solutions | NCR Secure Pay and register for a new account.  Use Promo Code CPGUSER to waive activation fees.

Contact us to help update Counterpoint to use the new NCR Secure Pay account.

Once you’re up and running with NCR Secure Pay, be sure to cancel the old CPGateway account so you don’t continue to accrue charges.

(4)  Reach out to us to schedule upgrades / patches / hardware replacements, or just to help confirm your independent results.  We’re here to help!


  Server / Workstation Operating System Matrix

Windows Compatibility Matrix