Sage Pay's Chief Technology Officer Andrew Weir updates on the Poodle vulnerability...
Our security team have been undertaking extensive checks to ensure our systems have not been affected and we are confident this is not the case.
However, to ensure ongoing security and peace of mind for our customers, there are some actions we will be making which may affect you and your customers:
We will be disabling SSLv3 support for older browsers and this means that from 02nd December, any customers who are using this type of browser such as IE6 or IE8 to purchase via your site, may not be able to reach the payment pages of your website. They will be required to upgrade to a higher version of Internet Explorer or use a recent version of Firefox or Chrome in order to purchase.
Because of this, it is important you let your customers know about this change to avoid loss of sales.
To help with this please click here for a banner which you can save and post on your website.
If you are using an older browser to connect to us, you may also be affected by the disabling of SSLv3, however to mitigate the risk of any affect to transactions in the run-up to the busy seasonal period, you will still have full functionality using SSLv3 until the end of January 2015.
To act as a reminder, we will also be displaying a banner in My Sage Pay if we detect you are using SSLv3 to advise you to make this upgrade.
Until this time, we are actively monitoring our systems for this attack and are confident we would spot a Poodle attack long before it caused any damage.
As we fully remove support for SSLv3 from our payment gateway in January a small number of customers will need to update the way their website connects to our gateway. If we detect that you need to update we will contact you to help you through the process before we remove SSLv3 support.