Summary:
Do NCR Secure Pay and CP Gateway Support Secure Hash Algorithm 2 (SHA-2)?
Solution:
Yes, NCR Secure Pay and CP Gateway support SHA-2.
Please see below from the October Partner Newsletter (can be found on Partner Portal under Program Information/Partner News):
Also note that many processors are alerting merchant’s that their support for SHA-1 certificates will soon be ending and merchants must ensure that they support SHA-2 certificates and/or TLS 1.2. For merchants processing payments through CP Gateway and NCR Secure Pay, no action is required on their part. NCR Secure Pay also supports SHA-256.
CP Gateway and NCR Secure Pay handle the connection to the end processors, and thus insulate merchants from processor certificate changes. For all supported processors these changes have been made and tested already, so no action is needed by merchants in relation to these notifications.
Information about the security level on the client (station) security levels:
The Counterpoint application has no control over the level of SSL/TLS used. The level of SSL/TLS used is determined by negotiation between the windows OS (the SChannel component) and the server/host. Once windows and the host negotiate a connection, then Counterpoint simply uses that connection for communication.
The Secure Pay servers do allow TLS 1.0 or higher (but not SSL 2 or 3), which should be compliant through 6/2018, per this article: https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls.