Merchant Security Upgrade Testing (PP-LIVE-8238)

MTS_Ciaran
Moderator
Moderator

Testing to being April 12th 2018. Please see HERE for full schedule.

 

Please Use this thread for any questions related to the Security Upgrades coming June 2018 and the upcoming testing for these changes. 

For full details on these changes click HERE

------------------------------------

AFFECTED PRODUCTS:

  • REST APIs
  • SOAP & NVP APIs
  • Payflow APIs
  • Homepage
  • Online Checkout
  • Retail Checkout
  • Account
  • Payflow
Initial Notification:
To prepare for the Payment Card Industry (PCI) mandated security upgrade deadline of June 30, 2018, PayPal plans a series of tests to verify that our API endpoints meet the latest security standards.
 
If you have already upgraded your integration to the highest security protocols, you should not experience impacts from our testing.
 
However, if you have not upgraded your PayPal integrations to comply with these standards, service interruptions may occur during our testing windows.
 
It is strongly recommended that you perform the necessary upgrades immediately as we will be performing tests from March 12 to March 22, and early June 2018. Below is a quick summary of the testing schedule for the first round of tests:
 
  • March 12-14: TLS 1.2
  • March 14-15: GET response
  • March 19-21: HTTP 1.1
  • March 21-22: Instant Payment Notification (IPN) HTTPS
 
More information can be found on our Merchant Security Upgrade Testing Microsite.
Login to Me Too
26 REPLIES 26

MTS_Carlos
Moderator
Moderator

Hi,

 

All of the information related to the new TLS upgrade can be found in these two resources:

https://www.paypal-notice.com/en/TLS-1.2-and-HTTP1.1-Upgrade/
and
https://www.paypal-notice.com/en/IPN-Verification-Postback-to-HTTPS/ (should you be using IPN)

In order to determine where your account was identified as having an issue, you can create a request to https://www.paypal-techsupport.com/
Our Merchant Technical Support staff can potentially provide some further guidance for you to work with your developer or CRM to ensure the necessary changes are made.

That being said, if you are currently processing transactions through your website successfully to PayPal, you are passing the new TLS protocol.

Login to Me Too

colatechi
Contributor
Contributor

I've been away until today and nobody told me I had received this TLS 1.2 notice until I returned. I have no idea how to go about testing this, as I'm not tech savvy in the slightest and I'm worried that my account will be affected due to my lack of knowledge. Can someone help me? I can't afford to lose my account.

 

I've read other questions relating to this but I have no idea what the sandbox page does or how any of this works, I'm at my wits end with anxiety at this point.

Login to Me Too

WRF
PayPal Employee
PayPal Employee

 

 

 

Login to Me Too

MTS_Carlos
Moderator
Moderator

Hi,

 

All of the information related to the new TLS upgrade can be found in these two resources:

and
 
In order to determine where your account was identified as having an issue, you can create a request to https://www.paypal-techsupport.com/
Our Merchant Technical Support staff can potentially provide some further guidance for you to work with your developer or CRM to ensure the necessary changes are made.
 
That being said, if you are currently processing transactions through your website successfully to PayPal, you are passing the new TLS protocol. 
 

 

 

Login to Me Too

Sara-Morrell
New Community Member

I'm a bit confused to what is going on. I've already received an email June 19th in regards to my TLS needing to be updated? I'm unaware to what that is, let alone how that affects myself as I use invoices. Does this mean through websites such as Ko-Fi, Patreon, or even PayPal.me? I do not have any form of Paypal integration, let alone any website that I am aware of that the account is tied to aside from those mentioned above. To top it off, I have received a physical letter from PayPal saying they have been trying to contact me in regards to this update for the last two years. Letter was dated June 4th, 2018 and was received today (July 2nd, 2018). I have not in any way been notified prior to the email, or even before this letter was sent to me. Is there any way to check and see if the account was compromised and is being used in an integration? I don't see any outstanding transactions outside of the norm, so I don't understand what is going on.

Login to Me Too

MTS_Carlos
Moderator
Moderator
Hi Sara-Morrell,

If you are processing payments successfully then you are TLS compliant! Otherwise your transactions would get a connection error etc.. Should you have any further questions, feel free to contact us at https://www.paypal-techsupport.com/
Login to Me Too

POCA-2018
Contributor
Contributor

I, too, am receiving the emails that state "Immediate Action Required: Upgrade your PayPal integration.  Our records show your PayPal integration uses an older encryption protocol..."

 

I ran a test on SSL Labs and am showing that we have TLSv1.2 installed and in use. I also ran a test using the instructions here: https://github.com/paypal/TLS-update and receiving "PayPal_Connection_OK".  I can provide a link to that endpoint if you would like to test it.

 

At the bottom of the email graphic it does say "If you have already made this upgrade, thank you."  My office manager receives those emails and I would like to ensure we are compliant and good to go for the next month.  Is it possible to have someone check my account status, please?

 

*EDIT* I should note that when I used the cacert.pem file I already had with the TLS-update file above it failed, I appended the "DigiCert High Assurance EV Root CA" and "DigiCert Global Root G2 (SHA-256)" on the end and tried again and it does pass as noted above.

 

Best Regards,

POCA-2018

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.