TLS versions 1.0 and 1.1 will no longer be supported as of 20 May 2020
Since the old versions of the Transport Layer Security (TLS) encryption protocol will no longer be supported, the old versions can no longer be used for transmitting companies’ payment data via the Web Services channel. For this reason, we recommend that companies begin to replace their old version with a new one as soon as possible.
Please forward the following message to your technical expert or to your bank connection software provider to ensure that your bank connection software applies the new data communication encryption settings:
It is crucial that data communication between the customer and the bank is protected with the latest TLS versions. OP updates its data communication encryption settings on a regular basis.
OP will update the protection settings of the Web Services channel (WS channel) and discontinues the use of the TLS 1.0 and TLS 1.1 protocols. At the same time, OP will stop supporting several old encryption algorithms (cipher suites). We will further improve the data security of our services by upgrading to up-to-date protection settings.
As of 20 May 2020, OP will discontinue the use of older TLS protocols on its WS channel and start using the TLS 1.2 version. After this date, any information systems that are incompatible with the encryption protocols and algorithms applied on OP’s WS channel will not have access to the channel. Any customers currently using the TLS 1.0 or 1.1 version should update their information system so as to be compatible with the encryption settings of OP’s WS channel.
What is Transport Layer Security (TLS)?
TLS is a data security protocol that ensures the protection and integrity of data between two communicating applications. It is widely used in web browsers and other applications requiring secure transfer of data over the network.
Implementation of new protection settings in customer test environment
The new protection settings will be taken into use in the WS channel’s customer test environment. We will inform you about how to prepare for the testing at a later date.
If you want to ensure the functionality of your bank connection software on the new data communication encryption settings, please contact your bank connection software provider.
The greatest benefit of the payment transfer API solution is real-time payment
Our API solution enables companies to establish a secure, real-time connection between their apps and the bank.
The payment transfer API enables companies to initiate payments and retrieve account data directly from their systems.
The APIs are based on machine identification and JSON-format data and are easy to integrate into bank connection software as well as enterprise resource planning systems and other essential operational systems. Corporate customers using the payment transfer interface are identified by machine, using OAuth certificates.
The OP Developer page has more detailed interface descriptions of OP’s API products. It also includes instructions for sandbox testing of the payment transfer API products.