2048-bit SSL encryption

Kent Johnson asked a question on 30 May 2013 11:14 AM

Hi everyone.  I have a letter from Wells Fargo Bank telling me our equipment may not support the new 2048 SSL encryption standards for credit card transactions.  What is the solution for this problem?


Thanks for all your previous support.

jmunoz responded on 31 May 2013 8:41 AM

I have the same letter... I was able to verify that I'm "using" 1024-bit, but all the searches I have done do not tell me how to update/upgrade my cert to 2048-bit.

jmunoz responded on 4 Jun 2013 12:03 PM

Here is the reply from MS. I sent them a copy of the letter so they knew what I was referring to. Their answer is:

When looking into this, I found the following information.  I hope that this helps.

The SSL encryption used during payment processing is controlled by the payment processor (the website/gateway owner). All Microsoft online services use RSA 2048-bit encryption, including Dynamics Online. It is our understanding that TSYS is also using this encryption; contact TSYS for more information. If you are using another provider, contact them directly with your questions.

Best Regards,

Shawn with Microsoft Retail Support.

Kent Johnson responded on 4 Jun 2013 2:23 PM


I have been in contact with my RMS partner, and found out that I do not have the latest service packs installed. I am in the process of obtaining them, and then I should be in compliance.

Thanks for all your support.

jmunoz responded on 5 Jun 2013 7:36 AM

I thought the answer I received was too easy. Can you post what update was missing? It would really help me figure out what I need. I've gone from Wells, to MS, to Wells, to Visanet, to AT&T (they provide our internet) and now they're telling me I need to drop T1 lines in order to have the 2048-bit SSL??


Kent Johnson responded on 5 Jun 2013 8:57 AM

Service pack 3 and probably 4 are needed to upgrade your system to the 2048 requirements. Your partner will get you set up. You must have a yearly contract to obtain the upgrades that you need.

Kent Johnson responded on 11 Jun 2013 9:48 AM

Hi, it seems there is a lot of finger pointing going on here, blaming the internet service provider etc for any problems with the 2048 requirements etc.  I have come to the conclusion that MS RMS is in compliance with the new requirements only if it is up to date with the latest service packs etc.  I have SP2 installed on my machines, which is not up to date and thus is not compliant with the 2048 requirements.  I am in process of acquiring the necessary updates from my partner.  

I am not satisfied with the arrangements that Microsoft has for communicating with me about new features, new service packs-updates etc. My partner is rather silent on new developments, and will help with any problems, but is not too free with new information or developments with the software. He does not keep me informed of software or industry developments. Maybe a newsletter from Microsoft RMS would be nice. I will look around the site today to see if anything jumps out at me to keep me informed.

jmunoz responded on 11 Jun 2013 10:27 AM

I found the solution!  We are opening a 2nd location and as we were discussing who to use for our cc processing, I had an ah ha moment.  If I purchase a stand alone terminal and debit card terminal, I do not have to worry about being compliant because the machine is talking directly with the processor, which is compliant-I basically bypass MS RMS.  My solution is to disconnect my pin pad and our magtek swiper from the PC.  This will stop the communication thru MS RMS, which is not compliant and they can't figure out how to get there.  Yes it is an additional expense and frustrating, but since all fingers point to MS and they don't make it easy, I just won't buy their software again..EVER.   Although this defeats the purpose of the RMS software, I believe my problem is solved.  

Jeff @ Check Point Software responded on 11 Jun 2013 1:12 PM

Why is this an MS issue?  If you keep up with the Maintenance, you are/would be compliant.  It costs $.53 per day/lane for the least expensive Maintenance plan.

I guess you don't know that most all standalone devices will need replacement by 2015 to support EMV and Pin and Chip either.

Come on back and tell us how well the terminal works when your cashier enters $1000 for a $100 sale or worse $100 for a $1000 sale.

I also don't understand why the hate to pay for and keep your software updated.  MS didn't change the rules to go to 2048, Wells Fargo and other banks did.  Software upgrades are always going to be needed and in some cases you have to pay for them!

jmunoz responded on 11 Jun 2013 2:53 PM


I don't mind paying for the upgrade support, but my rant was about the lack of assistance that MS gives. If you see the post before mine, I'm not the only one AND he has a support partner! So, if a VAR or MS partner can't help or is not familiar with the updates because MS hasn't notified them, why have a plan?

Also, I do know that my equip will probably have to be updated in a few years. BUT at least I'll know it's the equipment and won't have to hunt around forums for solutions.

BTW, I have yet to find anyone in the Houston area that can provide support and updates for $.53 per day. Thanks

Jeff @ Check Point Software responded on 11 Jun 2013 4:51 PM

Different Partners provide different levels of support, some are just box pushers, some are more active/responsive.

We actually install updates for our clients remotely so they do nothing other than read the email that says we have installed them and any major changes that were made. This is part of our monthly, 24/7, RMS support plan.

The $.53 per day refers to the BREP Maintenance plan from MS.  It runs $190.40 per lane/year (16% of $1190 MSRP), it does not include any support from MS, just program updates.  There are 2 more expensive plans, BRAP and BRAP+ at 18% or 25% of MSRP that includes some MS support. We encourage our clients to purchase the least expensive version and then use us for RMS support. Here's a link to the MS plans: www.microsoft.com/.../service-plans.aspx

Click on the dropdown to find the option for RMS/POS.

Why do they have to be in Houston?  We service clients all over the U.S. and Canada remotely from our Las Vegas, NV office.

HCF responded on 10 Jul 2013 9:30 AM


Are you aware of any documentation provided by Microsoft that states in clear language that RMS FP2 is compliant with and supports SSL 2048, or that answers the Wells Fargo language? Clients are happier seeing something official than hearing me say it.

Thank you,


Jeff @ Check Point Software responded on 10 Jul 2013 1:00 PM

None other than what Shawn from MS posted earlier.

I don't have the letter everyone is referring to, but I think I was told the new process was to take effect July 1.  I don't see anyone complaining here now on the 10th.

jmunoz responded on 10 Jul 2013 1:26 PM


Here is what the letter states:

"The new standards are effective August 31, 2013.

If your equipment is not updated by that time, your Point of Sale equipment may not be able to connect to the Internet to process transactions."  

That might be why no one is complaining ..yet..


HCF responded on 11 Jul 2013 8:37 AM


I attempted to send you the letter.


It would be of great benefit to provide clear information on this issue to your VARs and clients.



Jeff @ Check Point Software responded on 11 Jul 2013 1:22 PM


I got it from someone.  Has anyone called the number on the letter and set up a test account to see if it works with the new requirements?

Should be easy enough to do.