Skip to main content

DTCC Strengthens Encryption Protocols for Client Connectivity

By Sean C. Lee, DTCC Director, Office of the CIO | October 16, 2019

Turning User Feedback Into Improved Market Insights

Financial services firms are hit by cyberattacks 300 times more than other companies, according to a report from Boston Consulting Group. So it’s no surprise that cyber-security is consistently ranked as the number one risk facing the global financial system in DTCC's Systemic Risk Barometer.

With global cyber-security spending predicted to reach US$200 billion / £144 billion per year between 2017 and 2021, investing in cyber-defenses has become a widespread priority among firms.

A key investment in forging a resilient cyber-defense is upgrading to TLSv1.2 or higher. “DTCC already supports the latest encryption protocols in its platforms and services,” said James Lee, DTCC Chief Technology Officer “We are asking clients to partner with us to strengthen the security of their connection(s) to DTCC to reduce the risk of their connectivity with us from being impacted.”

What is Transport Layer Security?

Transport layer security (TLS) is a protocol that provides communication security between client/server applications that communicate with each other over the Internet. It enables privacy, integrity and protection for the data that's transmitted between different nodes on the Internet. TLS is a successor to the secure socket layer (SSL) protocol.

What is Secure Sockets Layer (SSL)?

Secure Sockets Layer (SSL) is a standard protocol used for the secure transmission of documents over a network. Developed by Netscape, SSL technology creates a secure link between a Web server and browser to ensure private and integral data transmission. SSL uses Transport Control Protocol (TCP) for communication.


DTCC has accommodated clients that needed to use less than optimal encryption (e.g., SSLv3, TLSv1.0 and TLSv1.1) based on their respective preference. However, as cyber-threats against the financial sector become more frequent, complex and sophisticated, DTCC will require that TLSv1.2 encryption or higher is used by all firms who connect to DTCC beginning March 2020.

“DTCC takes the security of its clients’ data seriously and continuously looks for ways to improve security,” said Andrew Gray, DTCC Chief Risk Officer “To that end, we have identified an area of improvement to strengthen the encryption of data exchanged with DTCC to help counter emerging security threats.”

DTCC’s move to a stronger encryption standard aligns with industry leaders, including Microsoft, Google, Apple and Mozilla, who have all announced their intent to end support for older / outdated browsers that do not support TLSv1.2 or higher.

  • An Apple announcement indicated that complete support TLS versions 1.0 and 1.1 will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020.
  • Google announced plans to show deprecation warnings for the use of TLS 1.0 and 1.1 when it releases Chrome 72, and it'll disable those protocol versions with the release of Chrome 81. This will affect users on early release channels starting January 2020.
  • Microsoft announced plans to disable TLS 1.0 and 1.1 in its Edge and Internet Explorer 11 browsers in the first half of 2020.
  • Mozilla is planning to disable TLS 1.0 and 1.1 support in its Firefox browser in March of 2020, according to an announcement, although this change likely will show up earlier in its pre-release browser versions.

“DTCC recommends that all clients ensure they are using the latest browser versions before March 2020. This will reduce the risk of connectivity issues and help ensure stronger protections for the data they transmit.” said Stephen Scharf, DTCC Chief Security Officer.

Contact [email protected] with any questions.