cancel
Showing results for 
Search instead for 
Did you mean: 

Merchant Security Upgrade Testing (PP-LIVE-8238)

Moderator

Merchant Security Upgrade Testing (PP-LIVE-8238)

Testing to being April 12th 2018. Please see HERE for full schedule.

 

Please Use this thread for any questions related to the Security Upgrades coming June 2018 and the upcoming testing for these changes. 

For full details on these changes click HERE

------------------------------------

AFFECTED PRODUCTS:

  • REST APIs
  • SOAP & NVP APIs
  • Payflow APIs
  • Homepage
  • Online Checkout
  • Retail Checkout
  • Account
  • Payflow
Initial Notification:
To prepare for the Payment Card Industry (PCI) mandated security upgrade deadline of June 30, 2018, PayPal plans a series of tests to verify that our API endpoints meet the latest security standards.
 
If you have already upgraded your integration to the highest security protocols, you should not experience impacts from our testing.
 
However, if you have not upgraded your PayPal integrations to comply with these standards, service interruptions may occur during our testing windows.
 
It is strongly recommended that you perform the necessary upgrades immediately as we will be performing tests from March 12 to March 22, and early June 2018. Below is a quick summary of the testing schedule for the first round of tests:
 
  • March 12-14: TLS 1.2
  • March 14-15: GET response
  • March 19-21: HTTP 1.1
  • March 21-22: Instant Payment Notification (IPN) HTTPS
 
More information can be found on our Merchant Security Upgrade Testing Microsite.
26 REPLIES
Contributor

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

We've been regularly receiving emails from Paypal with the subject line "Merchant security upgrade testing TLS 1.2 Impact" where in the body highlighted in red is the sentence "Our records indicate this Merchant Security Testing impacted you". Based on our testing etc, we believe we're ready for the full TLS 1.2 cutover and have after a first round of problems (which came around the time Paypal started doing the weekly smoke tests) we've resolved those issues. However we're still getting these emails so we're wondering if these emails show we still have an issue (and if so, can we get some details re: the issue) or if they were generated because we used to have an issue and it hasn't been checked by Paypal since. If it's the later, is there any way to turn that particular email notification off? Our Finance director is understandably nervous every time he gets this email.

Member

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

I'm in the same boat, and it's stressing me out so much.

Moderator

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

hey both, Ive checked both you guys and you look set, doesn't seem to be any TLS connections less than 1.2, the notifications look to be related to historical data, also keep in mind that you can test the changes on the PayPal sandbox environment, which is already setup to only allow TLS1.2, so if your integration works on sandbox, it will work on live Smiley Happy

Member

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

Hi MTS_Ciaran,

 

I'm not signed on with the account in question. Is there any way I can PM you to check out the account in question, please?

 

Regards,
Craig

Member

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

This is the account by-the-way (Monters)


@Monters wrote:

Hi MTS_Ciaran,

 

I'm not signed on with the account in question. Is there any way I can PM you to check out the account in question, please?

 

Regards,
Craig


 

Moderator

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

On that account, the notification is related to IPN traffic, small amount actually and was last seen on TLS1 on June 13th, so it looks like youre good to go. The older data point is what is driving the notifications. 

Member

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

I'm in the same boat.

 

I believe I updated fully to TLS 1.2 yesterday prior to 2pm Pacific, and it works okay at www.sandbox.paypal.com...

However got a threatening email from PayPal this morning, telling me my payments will no longer be processed:

 

"Our records show that your PayPal integration uses an older encryption protocol. You must take the following actions immediately to upgrade your PayPal integration(s) to the TLS 1.2 cryptographic protocol by June 27, 2018. "

 

I put another sandbox transaction through the at 9:24am PST today (6/27/18), please can you confirm everything is okay your end.

 

For the next time you upgrade your systems, I recommend providing a report to your users indicating where the problem is (a log of the transaction process).

Highlighted
Member

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

Hey Jet3. So I've had two separate PayPal employees confirm that I'm ok today. Apparently, they've been very conservative with their warnings. So if you weren't compliant within the last 14 days, then you'll continue to receive warnings even if you're good now. I know this comment doesn't confirm that you're okay, but hopefully it provides some peace of mind.

 

FYI: I got confirmation on this Post this afternoon and this morning when I rang PayPal and explained my situation. It might be worth logging into your PayPal Account and contacting Customer Support direct to get a more immediate answer.

New Community Member

Re: Merchant Security Upgrade Testing (PP-LIVE-8238)

I'm still receiving notifications that I need to upgrade, including mail from the start of the month that finally arrived saying I need to upgrade but when I checked the pages are either "Oops. Not found" or say "Connection OK" so I don't know how I can upgrade to the newest version so I don't have to lose my account. It says I still need to upgrade my TLS but I have no idea how.