IVR Sunsetting Technical Reference
This documentation serves as an in-depth reference guide about the sunsetting of Amadeus’ IVR product.
Important Date(s)
Product Name |
Sunset Date |
Physical IVR (hardware) Virtual IVR |
January 12, 2024 January 12, 2024 |
Sunset Process
Amadeus will sunset Physical and Virtual IVR on January 12, 2024. Amadeus strongly recommends customers discontinue the use of this product prior to the end-of-life date. Please refer to the Amadeus Modern Life Cycle Policy for additional information
Planned Path Forward
To ensure a smooth transition and uninterrupted service, we kindly request your attention to the following actions:
- Disable the IVR integration by January 12, 2024.
- For those in possession of physical hardware for their IVR, please properly dispose or destroy the equipment in accordance with the instructions from the manufacturer, as it has reached the end of its useful life.
- Explore the full capabilities of HotSOS Mobile as a replacement to your IVR solution.
- For guidance on setting up mobile devices, please refer to HotSOS Training & Help – Setup Mobile Devices
- If you do not have a HotSOS Mobile license, please contact your sales representative to sign up today – contact our sales team
Customer Impact
IVR is built upon a technology platform and has architectural dependencies on legacy components which have reached their end-of-life and are no longer compatible with the latest TLS protocols. Amadeus had started enforcement of TLS1.2 in the past years, to ensure the maximum level of security and the use of strong ciphers.
Due to its dependency on those outdated components, Amadeus is unable to continue the development of the IVR product and keep the level of security in its product suite to its maximum.
TLS protocol versions
The National Institute of Standards and Technology (NIST) reported in 2014 that secured SSL 3.0 and TLS 1.0 protocols are unsafe.
According to NIST, there are no fixes or patches that can adequately repair SSL or early TLS. Therefore, it is critically important that organizations upgrade to a secure alternative as soon as possible and disable any fallback to both SSL and early TLS.
The Payment Card Industry Council issued PCI DSS v3.1 initial guidance in 2015, followed by an update in December 2015:
- All entities involved in the payment card industry must provide a TLS 1.1 or greater service offering by June 2016.
- All existing and new setup must follow the NIST Special Publication 800-52 Revision 1.
- All new implementations must be enabled with TLS 1.1 or greater, and TLS 1.2 is recommended.
- All entities must use only secure version of TLS with strong cipher suites, effective 30 June 2018.
In 2019, the National Institute of Standards and Technology (NIST) published a recommendation that supersedes 2014’s publication, recommending the adoption of TLS1.3 and plans to support by 2024.
Amadeus Support
Given the lack of underlying platform support, Amadeus has taken the decision to discontinue the IVR product. End of Engineering has already taken effect for IVR. Please refer to the Amadeus Fixed Life Cycle Policy for additional information. End of Engineering means:
- No further solution updates will be made to the IVR code base. Amadeus will no longer update the platform nor its components.
- As Amadeus is gradually reinforcing its security posture and allowing TLS 1.2 protocols and higher as the only acceptable protocols, IVR will become inoperable, and no support will be provided by the enforcement date.