February, 2015
Security Advisory: Disabling RC4 Weak Encryption 

BridgePay is dedicated to maintaining a high level of security and protecting it's communications with our partners. BridgePay will no longer support the use of the RC4 encryption cipher used to encrypt data. The RC4 cipher is considered weak and is susceptible to attack. To prevent our systems from being exposed to this threat, BridgePay will cease support for the RC4 cipher on Monday, April 6th at 4:30 am EDT. If you are currently using the RC4 cipher exclusively when connecting to BridgePay, you will not be able to process transactions as we will no longer accept this cipher suite.


To assist you with this change and to facilitate testing, our test and stage sites will no longer support RC4 as of Monday, March 2nd.


What systems are affected?

Any system that makes an encrypted connection to BridgePay and only uses the RC4 cipher. This includes web browsers and terminals.


How do I know if I am using RC4 exclusively? Is there a way for me to check my terminal?

Please consult your terminal's documentation to ensure it supports other ciphers or reach out to the contact who provided your credit card terminal. Modern browsers support more cipher suites than just RC4. Consult your IT department for the specific ciphers your systems support.


My terminal supports RC4 and other ciphers such as AES, 3DES, CAMILLA, SEED. Do I need to do anything?

You would need to reconfigure your terminal ONLY if it is set to use RC4 only. Otherwise the terminal should automatically use another cipher. Consult your terminal documentation or terminal provider.


What should I use instead of RC4?

Any of the following encryption mechanisms are supported: AES, 3DES, CAMILLA, SEED.

Who should I contact if I am using RC4 exclusively and need to be upgraded to support other ciphers?

If your terminal does not support AES, 3DES, CAMILLA or SEED ciphers, contact your terminal provider for an upgrade.


Thank you,
Gateway Support