Tag: tfwa.com

Latest stories

  • , , ,

    TFAW Security Changes

    I CAN’T ACCESS TFAW.COM!!!

    If you are unable to connect to tfaw.com, you likely have a browser that doesn’t support TLS 1.2. Please read the below information carefully, as you won’t be able to visit or purchase from TFAW.com until you upgrade your browser.

    TL;DR

    For PCI compliance reasons, we stopped supporting browser encryption older than TLS 1.2 on June 26th, 2018. Please upgrade your browser or enable TLS 1.2 to continue using TFAW.com. You will not be able to access TFAW if you don’t upgrade your browser.

    Sample errors

    Firefox: “The connection was interrupted”

    Opera: “Unable to complete secure transaction”

    Chrome: “SSL connection error”

    What’s Going On?

    TFAW takes security very seriously. The Payment Card Industry (PCI) Security Standards Council is an organization that sets security standards for websites that handle credit cards. The newest revision of their policies requires that we disable security protocols considered to be outdated and insecure. We made these changes to remain PCI compliant and to continue operating. As of this deadline, we’re required to block any browser connection to TFAW.com that does not use at least the TLSv1.2 secure connection standard, which may prevent some people from viewing our site.

    How Am I Affected As a Customer?

    A secure connection requires that both the sending and receiving ends work together. This means that not only must our end be secure, but as a visitor to our site, so must your browser. If your browser is too old, you may not be able to access our site and may find yourself reading this blog post to determine why this is happening. If you’re using a current web browser, then you should already be protected.

    If you’re unable to connect to www.tfaw.com, you may need to upgrade your browser version, change your browser’s security settings, or even upgrade your computer’s operating system. More details on how to do this can be found at the bottom of this post.

    Why Is This Happening?

    Online security is always evolving. As vulnerabilities are found in older security standards, new standards are created to address those vulnerabilities and increase security. One such type of security is the Transport Layer Security (TLS) protocol, which makes sure that information passing between your browser and a website is encrypted and unreadable to outside parties. The PCI Security Standards Council has determined that vulnerabilities in versions older than TLSv1.2 are at risk for being breached. In response to this, the newest revisions to their security standard establish a new baseline for the level of encryption that must be used by sites that process credit card information. As a website that processes credit card information and a company that values our customers’ security, we updated our security to meet the deadline for this upgrade on June 30th, 2018.

    What Does All This Technical Mumbo-Jumbo Really Mean?

    When you’re viewing a website, a lot of information is being sent back and forth: Information about the site and what it looks like is sent to your browser so you can view it. When you submit information like your address and credit card for a purchase, that information is sent from your browser back to our website. This information can either be unencrypted (“http://”) or encrypted (“https://”).

    Transporting this information is like putting important files in a car and driving it to another location. An unencrypted connection is like driving a regular car with the doors unlocked; someone could stop the car along the way and get all the files inside. An encrypted connection is like using a security truck, with features to make sure no one can get anything inside while it’s moving. However, even with a security truck, there can be different levels of how difficult it is to break into the truck. This is like the different types of encryption protocols which have names like “SSL 2.0”, “SSL 3.0”, “TLS 1.0”, or “TLS 1.2”. As technology advances, criminals have learned how to break into older security trucks, so we learn to build bigger and stronger vehicles.

    However, having a big security truck moving all your files means you need a big garage in order to park the truck and unload it. If your garage isn’t big enough, you won’t be able to park any of the new security trucks that are sent to you. In this case, your web browser is the garage.

    The PCI Security Standards Council is saying that we can only use the newest, safest trucks to transport your information, so your garage has to be big enough to receive them. If your web browser does not use support newest security standards, you won’t be able to use those protocols to send and receive information, and you won’t be able to access our website.

    How Do I Make Sure I Can Access TFAW.com?

    There are several factors that can affect whether your browser supports the latest security protocols, including your browser version, your browser security settings, and even your operating system version. You can go to www.howsmyssl.com and look under “Version” to see what version of TLS your browser is using. If it lists anything lower than TLS 1.2, here are the steps you can take to ensure that you are using TLSv1.2.

    First, you can check that you are using a browser that supports TLSv1.2. This includes:

    • Microsoft Internet Explorer 11 and higher
    • Microsoft Internet Explorer Mobile (Windows Phone 8.1) 11 and higher
    • Microsoft Edge
    • Mozilla Firefox 27 and higher
    • Google Chrome 30 and higher
    • Google Android OS Browser Android 5.0 and higher
    • Apple Safari 7 and Higher
    • Apple Safari Mobile (iOS 5+) 5 and higher
    • Opera and Opera Mobile 12.18, or 17 and higher

    It’s also possible that your browser supports TLSv1.2 but it needs to be manually enabled.

    The following is a list of browsers which support TLSv1.2, but is not turned on by default:

    • Microsoft Internet Explorer 8-10 on Windows 7 or Server 2008 R2
    • Microsoft Internet Explorer Mobile (Windows Phone 8) 10
    • Mozilla Firefox 24 – 26
    • Google Android OS Browser Android 4.4
    • Opera and Opera Mobile 10 – 12.17

    Instructions on how to enable TLSv1.2:

    Note that these instructions may not work across all operating systems and devices. You may need to search for instructions fitting your circumstances.

    Internet Explorer 8-10:

    1. Click Tools > Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab.
    3. Scroll to the Security section, select the Use TLS 1.2 check box, and click OK.

    Firefox version 24 and later:

    1. Open a Firefox browser and enter about:config in the address bar.
    2. When prompted, click I’ll be careful, I promise! and accept the warning.
    3. Search for security.tls.version.max.
    4. Double-click security.tls.version.max and change the value to 3 to configure the browser to support TLS1.2.

    Google Chrome (note newer versions of Chrome do not have this setting):

    1. Select “Settings” or “Preferences” from the application menu.
    2. Scroll down and select “Show advanced settings…”
    3. Scroll down to the Network section and click on “Change proxy settings…”
    4. Select the “Advanced” tab.
    5. Scroll down to the “Security” section.
    6. Locate and check “Use TLS 1.1 and TLS 1.2”.
    7. Then, press the “OK” button.

    Opera:

    1. Open Opera
    2. Click Ctrl+F12
    3. Click on “Security”
    4. Click on “Security Protocols…”
    5. Check on “Enable TLS 1.1 & TLS 1.2”
    6. Press the “OK” button.
    7. Then, press the “OK” button.

    Safari:

    • There are no options for enabling SSL protocols. If you are using Safari version 7 or greater, TLS 1.1 & 1.2 are automatically enabled.

    In some cases, you may be using a browser that supports TLSv1.2, but your operating system does not support the protocol. If you are running an operating system that falls under this case, you will need to update your operating system before being able to use TLSv1.2. Many older operating systems don’t support TLSv1.2 at all, while some newer ones only support it after certain security updates. The following is a list of operating systems that DO NOT support TLSv1.2:

    • Windows versions older than XP (ME, 2000, 98)
    • Windows XP before certain security updates
    • Windows Vista before certain security updates
    • Windows 7 before version 6.1.760 1.23xxx
    • The update for Windows 7 can be found here
    • OS X version 10.8 or older

    Most customers shouldn’t be affected by these changes, but if are using outdated security protocols we highly recommend you update so you may continue to access TFAW and your other favorite online stores.

    Now What?

    If you were redirected here from TFAW.com, then we recommend you upgrade or change web browsers.

    You will need to resolve this problem in order to shop at TFAW.com.

    If you have any questions, please contact service@tfaw.com.

    Please follow and like us: