New to the community? Welcome! Please read our Community Rules and Guidelines
I got a letter, purportedly from PayPal, as follows:
Reminder: REQUIRED to avoid service interruptions you need to complete important security upgrades.
Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal.
This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.
Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.
Change Change Required? Merchant API Certificate Credential UpgradeNoTLS 1.2 and HTTP/1.1 UpgradeYesIPN Verification Postback to HTTPSNoDiscontinue Use of GET Method of Classic NVP/SOAPNo
If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so. But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk.
And it went on. We only use PayPal Express Checkout. Should we be getting such a message?
Received the same letter but already supporting TLS v1.2 and could prove it with SSL analysis if there was somewhere to send the link...