If you are selling products from your website and using PayPal as the checkout payment method, you may have received a notice with this warning:
“We recently announced several security upgrades planned for this year, some of which may require you to make changes to your integration. You’re receiving this email because we’ve identified areas of your integration that may need to be upgraded. What you’re about to read is very technical in nature – we understand that. Please contact the parties responsible for your PayPal integration, or your third party vendor (for example, shopping cart provider, and so on) to review this email. They’re best positioned to help you make the changes outlined in this email and in the 2016 Merchant Security Roadmap Microsite.”
Most of the updates that PayPal is implementing are intended to increase security on your website and ensure it is safe for financial transactions. The information and requirements are highly technical in nature, and PayPal suggests you take the following first step:
“Consult with someone who understands your integration. We encourage you to consult with the parties that set up your integration, which could be a consultant or third party shopping cart. You may also need to find someone who can assist with making your integration changes.”
Areas that may require attention include:
- SSL Certificate Upgrade to SHA-256
- TLS 1.2 and HTTP/1.1 Upgrade
- IPN Verification Postback to HTTPS
- IP Address Update for PayPal Secure FTP Servers
- Merchant API Certificate Credential Upgrade
- Discontinue Use of GET Method for Classic NVP/SOAP APIs
It’s important to have any required changes in place by the specific event “Act by” date!
As an example, with “SSL Certificate Upgrade to SHA-256”:
To avoid any disruption of service, you must verify that your systems are ready for this change now.
- Testing will occur between June 17 and September 30, 2016.
- Full deployment will happen after September 30, 2016.