Merchant Security Upgrade Testing (PP-LIVE-8238)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Testing to being April 12th 2018. Please see HERE for full schedule.
Please Use this thread for any questions related to the Security Upgrades coming June 2018 and the upcoming testing for these changes.
For full details on these changes click HERE
------------------------------------
AFFECTED PRODUCTS:
- REST APIs
- SOAP & NVP APIs
- Payflow APIs
- Homepage
- Online Checkout
- Retail Checkout
- Account
- Payflow
March 12-14: TLS 1.2March 14-15: GET responseMarch 19-21: HTTP 1.1March 21-22: Instant Payment Notification (IPN) HTTPS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
All of the information related to the new TLS upgrade can be found in these two resources:
https://www.paypal-notice.com/en/TLS-1.2-and-HTTP1.1-Upgrade/
and
https://www.paypal-notice.com/en/IPN-Verification-Postback-to-HTTPS/ (should you be using IPN)
In order to determine where your account was identified as having an issue, you can create a request to https://www.paypal-techsupport.com/
Our Merchant Technical Support staff can potentially provide some further guidance for you to work with your developer or CRM to ensure the necessary changes are made.
That being said, if you are currently processing transactions through your website successfully to PayPal, you are passing the new TLS protocol.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been away until today and nobody told me I had received this TLS 1.2 notice until I returned. I have no idea how to go about testing this, as I'm not tech savvy in the slightest and I'm worried that my account will be affected due to my lack of knowledge. Can someone help me? I can't afford to lose my account.
I've read other questions relating to this but I have no idea what the sandbox page does or how any of this works, I'm at my wits end with anxiety at this point.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I apologize for any and all frustration and confusion that you are having with the information of the recent TLSv1.2 security changes that were made to the PayPal environment. I would encourage you to please submit a Merchant Technical Support ticket at https://www.paypal-techsupport.com/ and please respond with the Question Reference number and I will provide one on one support to help you with understanding the changes, what is or is not necessary on your part and what resources are available to you.
^WF
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
All of the information related to the new TLS upgrade can be found in these two resources:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm a bit confused to what is going on. I've already received an email June 19th in regards to my TLS needing to be updated? I'm unaware to what that is, let alone how that affects myself as I use invoices. Does this mean through websites such as Ko-Fi, Patreon, or even PayPal.me? I do not have any form of Paypal integration, let alone any website that I am aware of that the account is tied to aside from those mentioned above. To top it off, I have received a physical letter from PayPal saying they have been trying to contact me in regards to this update for the last two years. Letter was dated June 4th, 2018 and was received today (July 2nd, 2018). I have not in any way been notified prior to the email, or even before this letter was sent to me. Is there any way to check and see if the account was compromised and is being used in an integration? I don't see any outstanding transactions outside of the norm, so I don't understand what is going on.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are processing payments successfully then you are TLS compliant! Otherwise your transactions would get a connection error etc.. Should you have any further questions, feel free to contact us at https://www.paypal-techsupport.com/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I, too, am receiving the emails that state "Immediate Action Required: Upgrade your PayPal integration. Our records show your PayPal integration uses an older encryption protocol..."
I ran a test on SSL Labs and am showing that we have TLSv1.2 installed and in use. I also ran a test using the instructions here: https://github.com/paypal/TLS-update and receiving "PayPal_Connection_OK". I can provide a link to that endpoint if you would like to test it.
At the bottom of the email graphic it does say "If you have already made this upgrade, thank you." My office manager receives those emails and I would like to ensure we are compliant and good to go for the next month. Is it possible to have someone check my account status, please?
*EDIT* I should note that when I used the cacert.pem file I already had with the TLS-update file above it failed, I appended the "DigiCert High Assurance EV Root CA" and "DigiCert Global Root G2 (SHA-256)" on the end and tried again and it does pass as noted above.
Best Regards,
POCA-2018
- « Previous page
- Next page »
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- Paypal 4X credit : translated message & currency error in PayPal Payments Standard
- Platform Marketplace integration approval in Sandbox Environment
- Remove PayPal Pay Later option from paypal checkout page. in PayPal Upgrade Community
- Security header is not valid error message in woo commerce in NVP/SOAP APIs
- API TRANSACTION_REFUSED in Sandbox when Capturing Payment in REST APIs