Letter from PayPal re: TLS 1.2 HTTP/1.1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I got a letter, purportedly from PayPal, as follows:
Reminder: REQUIRED to avoid service interruptions you need to complete important security upgrades.
Worth <removed>,
Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal.
This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.
Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.
Change Change Required? Merchant API Certificate Credential UpgradeNoTLS 1.2 and HTTP/1.1 UpgradeYesIPN Verification Postback to HTTPSNoDiscontinue Use of GET Method of Classic NVP/SOAPNo
If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so. But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk.
And it went on. We only use PayPal Express Checkout. Should we be getting such a message?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Received the same letter but already supporting TLS v1.2 and could prove it with SSL analysis if there was somewhere to send the link...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- How to get a Volunteer Fire Department charity status in Merchant Products and Services Archives
- Strange letter... not sure if legit... in Managing Risk and Fraud Archives
- Is this legit in Managing Risk and Fraud Archives
- Paypal approves refund without proof or evidence? in Managing Risk and Fraud Archives
- DLGJ0602 - PayPal Working Capital Decline in Merchant Products and Services Archives