Thu Dec 21, 2017 7:49 pm
I can understand wanting to make things secure but do they have to be so vague?
Just got this email;
Reminder: REQUIRED to avoid service interruptions you need to complete important security upgrades.
Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal.
This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.
Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.
Merchant API Certificate Credential Upgrade No
TLS 1.2 and HTTP/1.1 Upgrade Yes
IPN Verification Postback to HTTPS No
Discontinue Use of GET Method of Classic NVP/SOAP No
If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so. But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk.
How do I make these changes?
More information on the required changes and how to implement them can be found on our Merchant Security Road Microsite:
• 2016-2017 Merchant Security Roadmap
• TLS1.2 and HTTP/1.1 Upgrade Roadmap
• IPN Verification Postback to HTTPS
• Discontinue Use of GET Method for Classic NVP/SOAP API’s
• Merchant API Certificate Credentials Upgrade
If you need additional support with these changes, we encourage you to contact your web hosting company, ecommerce software provider, in-house web programmer or system administrator.
As a leading payment provider, we’re committed to continually building and investing in the strongest protections possible. Thank you for your support and for helping us maintain the highest security standards for all of our shared global customers.
If you have any questions or concerns, please contact your account manager.
which sends me to this page;
https://www.paypal-notice.com/en/TLS-1. ... 1-Upgrade/