Security & Privacy
Disabling of TLS 1.0 and TLS 1.1 security protocols
What is TLS?
TLS stands for Transfer Layer Security. This is a cryptographic protocol which ensures communication security between different servers/applications/systems that communicate with each other over the Internet. TLS is the successor of Secure Sockets Layer (SSL).
What happens after 30 March 2018?
According to PCI Data Security Standard (PCI DSS) for safeguarding payment data, the early versions of TLS are more vulnerable to security breaches and can no longer be used as a security control.
As a licensed payment provider, myPOS maintains the highest security standards and complies with all updates of PCI DSS. Therefore, under the new requirements, our systems will not support TLS 1.1 and TLS 1.0 protocols after 30 March 2018.
How does this affect me?
If your browser or e-commerce website works with TLS 1.0 or TLS 1.1 security protocols, you and your customers will not be able to access the myPOS system with this browser.
What should I do?
Please check the version of the web browser that you currently use. Below you will find a list of all web browsers which are fully compatible with the TLS 1.2 or above. If you can’t find your browser in this list, please upgrade to a newer version.
|Versions 33-37 and above||
Windows 7 and above (8.*, 10)
Android 4.1 and above
( 4.2, 4.4, 5.*, 6.*, 7.*) iOS 9.0 and above Linux
Google Android OS browser
|N/A||Android 5.1 and above|
|Version 34 and above||
Android 4.0.3 and above
( 4.1, 4.2, 4.4, 5.*, 6.*, 7.*)
iOS 9.0 and above Linux
Microsoft Internet Explorer
Windows 7 Windows 8.*
Windows Server 2008 R2
Windows Server 2012 R2
Internet Explorer Mobile
|Version 11||Windows Phone 8.1|
|Version 11 and above||Windows 10|
Microsoft Edge Mobile
|Version 13 and above||Windows 10 Mobile v1511 and above|
|Version 27 and above||
Windows 7 and above (8.*, 10)
Android 4.0 and above
(4,1, 4.2, 4.4, 5.*, 6.*, 7.*) iOS 9.0 and above Linux
Version 7 and 9
Version 8 and above (9 and 10)
Version 10 and above (11)
OS X 10.9
OS X 10.10 and OS X 10.11
macOS 10.12 and macOS 10.13
Apple Safari Mobile
|Version 7 and above||iOS 7 and above|
When will myPOS disable TLS 1.0 and TLS 1.1?
That will happen on 30 March 2018. After this date, our systems will no longer support TLS 1.0 and TLS 1.1 encryption protocols.
Some operations in the myPOS account require an authentication code that myPOS provides by text message to the mobile number linked to the account. This is an authentication method required to verify the legitimacy of the attempted operation in the account. GateKeeper is, simply said, the alternative to this method.
When the GateKeeper authentication method is enabled and the app is set-up, the merchant is issued a one-time 6-digit code. This code, together with the myPOS username and password, is used to log in to the myPOS account. The GateKeeper app will generate an authentication code for every myPOS operation that requires one. This authorisation code is valid only for one minute.
The app can be used for multiple accounts and is available for devices with iOS and Android operating systems. GateKeeper does not require an Internet connection or mobile service.
GateKeeper can be activated from the myPOS account. Go to the Profile tab, then select Authentication and follow the instructions.
If the merchant would like to switch back to text message authentication, they can do so directly from the myPOS account. In case the merchant loses his/her phone, he/she must contact the Customer Support team immediately.
Additional information on GateKeeper can be found here.
General Security & Privacy Information
myPOS is duly registered as a personal data administrator with the Commission for Personal Data Protection under number 0050022 and all customer data is collected, transferred and maintained in accordance with the principles incorporated within the EC Directive 95/46 on the protection of personal data and with Data Protection Act, 2002 of the Laws of Bulgaria (and any amendment thereof). The personal data regarding the Client that is provided by the Client as well as by third parties such as state and international authorities, which have competence in the prevention of fraud, is preserved in electronic form on servers, collocated in specially designed premises class A with the highest level of communication coverage, security and control of access.
To open, maintain, use and close the E-money Account and payment instruments, associated with the Account and to use the Service provided by myPOS, the Client must provide:
- First name and surname
- Date of birth
- Place of birth
- Email address
- Registered address
- Mobile telephone number
- Identification document
- Type of identification document
- Issue date
- ID number
- Issuing authority
- or other details as may be requested
Furthermore, for the purposes of funding the Account of the Client, the Client may choose to provide information about its credit card, debit card or other payment instrument. myPOS may generate and send to the mobile phone number of the Client verification codes as well as to request the Client to enter them as a confirmation of certain actions. This required information is necessary for myPOS in order to process transactions, issue new passwords (if applicable) in case the Client forgets or loses his/her password, in order to protect the Client, myPOS or other customers of myPOS against identity theft, credit card fraud as well as to contact the Client should the need arise in administering the Account of the Client.
Read more about the policies of myPOS here.