Letter from PayPal re: TLS 1.2 HTTP/1.1

macounwr1
Contributor

I got a letter, purportedly from PayPal, as follows:

 

PayPal Reminder: REQUIRED to avoid service interruptions you need to complete important security upgrades.

Worth <removed>,

   Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal. 

This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.  

Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.

Change                                             Change Required?
Merchant API Certificate Credential Upgrade        No
TLS 1.2 and HTTP/1.1 Upgrade                       Yes
IPN Verification Postback to HTTPS                 No
Discontinue Use of GET Method of Classic NVP/SOAP  No



If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so.  But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk. 

 

And it went on. We only use PayPal Express Checkout. Should we be getting such a message?


ToddyP
Contributor

Received the same letter but already supporting TLS v1.2 and could prove it with SSL analysis if there was somewhere to send the link...


scholarlyhobbit
New Community Member
I just got a physical letter in the post about this. I don't run a business, I just get tips for my writing. My husband, who does the same, hasn't gotten a letter. I have no idea what's going on or what these security protocols are, or if this is some really elaborate hoax that'll steal financial data. I just want to use my PayPal to order from Etsy and such. What do I need to do? My browsers are all updated.
