Using PayPal in SBI!. For services. Plug-n-play shopping cart. E-goods. Other uses?

Moderator: Bernie from RV'ing in Western USA

#1388652 by Jacki from Macleod
Thu Dec 21, 2017 7:49 pm

I can understand wanting to make things secure but do they have to be so vague?

Just got this email;


Reminder: REQUIRED to avoid service interruptions you need to complete important security upgrades.

Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal.

This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.

Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.



Change

Change Required?

Merchant API Certificate Credential Upgrade No
TLS 1.2 and HTTP/1.1 Upgrade Yes
IPN Verification Postback to HTTPS No
Discontinue Use of GET Method of Classic NVP/SOAP No


If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so. But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk.

How do I make these changes?

More information on the required changes and how to implement them can be found on our Merchant Security Road Microsite:

• 2016-2017 Merchant Security Roadmap
• TLS1.2 and HTTP/1.1 Upgrade Roadmap
• IPN Verification Postback to HTTPS
• Discontinue Use of GET Method for Classic NVP/SOAP API’s
• Merchant API Certificate Credentials Upgrade

If you need additional support with these changes, we encourage you to contact your web hosting company, ecommerce software provider, in-house web programmer or system administrator.

As a leading payment provider, we’re committed to continually building and investing in the strongest protections possible. Thank you for your support and for helping us maintain the highest security standards for all of our shared global customers.

If you have any questions or concerns, please contact your account manager.





which sends me to this page;

https://www.paypal-notice.com/en/TLS-1. ... 1-Upgrade/

Huh? Help!
#1388653 by Jill from Westbury
Thu Dec 21, 2017 7:50 pm
Thanks for posting this! I was just getting ready to post it too. I'm curious to see what we need to do in order to upgrade to follow the new rules.

Jill
#1388654 by Jacki from Macleod
Thu Dec 21, 2017 7:52 pm
Ahh, so it wasn't just me!
#1388657 by Michael from Oxford Junction
Thu Dec 21, 2017 8:45 pm
Not at all. I have been looking at converting my site to https but the number of links to convert/secure ore overwhelming at this point. I have looked for but been unable to find whether SBI supports http/1.1 or TLS 1.2.I suppose a quick check with SBI Support can clear that up. If anyone has additional information, I'd love to hear it
#1388658 by Juri from plainlight.com
Thu Dec 21, 2017 8:51 pm

I followed the steps described on the page to verify the connection [below Verify your systems at https://tlstest.paypal.com!] and received this back:

paypal_tls.png
PayPal tlstest response
paypal_tls.png (29.47 KiB) Viewed 764 times

So, I assume we [SBI] are good, server-side.

To test your own pages, open one of them in BlockBuilder and replace any references to https://www.paypal.com, or api.paypal.com, or any other endpoint listed on the page, with https://tlstest.paypal.com. Load the page in Preview and click on the PayPal button. If there's no error returned, you should be OK as well.

Kind regards,
J.
#1388672 by Sassy from VeganCoach.com
Fri Dec 22, 2017 1:17 am
I am also here to ask about this. :)

I'd really like an official word from SBI that all is well with our accounts regarding this Paypal rule.

Thank you!
#1388703 by Debs from SiteSell
Fri Dec 22, 2017 1:24 pm
Michael from Oxford Junction wrote:Not at all. I have been looking at converting my site to https but the number of links to convert/secure ore overwhelming at this point. I have looked for but been unable to find whether SBI supports http/1.1 or TLS 1.2.I suppose a quick check with SBI Support can clear that up. If anyone has additional information, I'd love to hear it


You don't change outbound links, only calls to outside files need changed.

If you mean internal links in your SBI! pages, those are taken care of automatically by the conversion tool.

Michael from Oxford Junction wrote:unable to find whether SBI supports http/1.1 or TLS 1.2.I suppose a quick check with SBI Support can clear that up.


Yes Support could tell you, but head of programming said, "Our servers are using tls 1.2 or better"

Debs
#1388725 by Jacki from Macleod
Fri Dec 22, 2017 5:10 pm
Debs from SiteSell wrote:Yes Support could tell you, but head of programming said, "Our servers are using tls 1.2 or better"
So, nothing to worry about then? Yippee! :D
#1388943 by Mary from Mico
Wed Dec 27, 2017 9:11 pm
Thanks everyone, especially Juri and Debs. I came for the same reason.

Mary
#1392302 by Leyla from France
Sat Feb 10, 2018 10:37 am
Silly question but this means that my site needs to move to https BEFORE I can add a Paypal button to a page? Thanks!
#1392306 by Debs from SiteSell
Sat Feb 10, 2018 11:46 am
Jacki from Macleod wrote:
Debs from SiteSell wrote:Yes Support could tell you, but head of programming said, "Our servers are using tls 1.2 or better"
So, nothing to worry about then? Yippee! :D


Nothing to worry about IF your site is https.

Debs
#1392307 by Debs from SiteSell
Sat Feb 10, 2018 11:47 am
Leyla from France wrote:Silly question but this means that my site needs to move to https BEFORE I can add a Paypal button to a page? Thanks!


It is recommended all SBI! sites be switched to https; it is now a ranking factor with Google. Come this Summer, Google Chrome will be showing non-https sites as being not secure. This is sure to chase your visitors away.

Debs
Similar Topics Statistics Last post
Custome Paypal Button
by Kathy from Mintaro Sun Jun 04, 2017 7:15 am
2 Replies
1379 Views
by Kathy from Mintaro
Tue Jun 06, 2017 1:20 pm
Will using paypal alone make me loose customers?
by Kenesha from Sydenham Wed Mar 15, 2017 4:41 pm
13 Replies
2025 Views
by Robert from Mc Gregor
Tue Mar 21, 2017 6:06 pm
Customer From England Cannot Use PayPal To Buy Download
by Mary from Mico Thu Mar 16, 2017 4:35 am
10 Replies
1609 Views
by Bernie from RV'ing in Western USA
Sat May 27, 2017 5:11 pm

Users browsing this forum: No registered users and 2 guests