Layer 7 Payment Security

 View Only

Visa Digital Certificate Policy Changes

  • 1.  Visa Digital Certificate Policy Changes

    Broadcom Employee
    Posted Apr 05, 2016 04:11 PM

    Dear Customer,


    In light of a recent bulletin by the Payment Card Industry Security Standards Council (PCI SSC), regarding migrating from Secure Sockets Layer (SSL) and earlier versions of Transport Layer Security (TLS), Visa has provided the following requirements to enhance security of the 3D Secure program and participating entities. The specific memo's dated 3rd and 4th Feb 2016, document# VE 09/16, announce dates for some of these enforcement's. CA has been proactively working with Visa and has already taken actions to account for these changes as follows:


    1. Effective 31 March 2016, Visa will not allow RC4-encrypted connections to any Verified by Visa hardware: CA Transaction Manager does not need any change to comply with this requirement. Our software has inbuilt support for newer ciphers that Visa intends to use and we do not anticipate any impact on transactions post this date due to this change.


    1. Effective 30 June 2016, Visa will enable the use of TLS versions 1.1 and 1.2 encryption for all Verified by Visa hardware: All instances of CA Transaction manager are targeted to be upgraded to version 7.5.3 by the middle of April 2016. This version has support for TLS1.1 and 1.2.


    1. Effective 30 June 2018, Visa will disable the use of TLS version 1.0 and require that secure connections to any Verified by Visa hardware use TLS version 1.1 encryption or higher: CA will support newer TLS protocols TLS1.1 and TLS 1.2 by April 15th, 2016.



    1. Effective 8 April 2016, Visa will begin issuing SHA-2 digital signing certificates/Visa will stop issuing SHA-1 digital certificates: CA has requested SHA-2 Server certificates for all instances in SaaS. These certificates, once received will be deployed in production before April 8th. We anticipate this activity to complete by April 4th 2016. CA will initiate certificate request for all member signing certificates in production for Visa starting 8th April 2016 and expect to complete this exercise by June 30th 2016. Existing signing certs will continue to work as-Is till end of year with no impact.


    1. Effective 1 January 2017, CA / Browser Forum deadline: No SHA-1 certificates will be accepted after this date: We intend to complete migration for all Visa issued certificates to SHA-2 by 30th June 2016. CA will send out a communique once the migration project is complete.


    CA has a community page for customers to ask and discuss any topics related to this issue, as always feel free to contact the CA Support team at by phone at 1-866-992-7268 (or your regional support contact) or submitting a request at

    For information on how to use community page, please follow this link, a copy of this communique is at this link.


    We thank you for choosing CA to serve your 3DSecure needs.



    The CA Payment Security Team



    Copyright © 2016 CA, Inc. All rights reserved.  All marks used herein may belong to their respective companies. This document does not contain any warranties and is provided for informational purposes only.