PayPal will stop working on 30th June if you don’t upgrade to TLS

No primary category set

PayPal will stop working on 30th of June and merchants will be unable to accept payments if they’ve not updated their websites to the latest standards which includes an upgrade to TLS.

The deadline for merchants to upgrade to Transport Layer Security (TLS) 1.2 June 30, 2018 and PayPal are requiring all merchants to upgrade their security protocols to TLS 1.2, in line with the requirements set by the Payment Card Industry (PCI) Council. The TLS protocol is used to encrypt communications between your platform and PayPal’s servers.

What do you need to do to upgrade to TLS?

Merchants should verify whether their website supports TLS 1.2 and, if necessary, make appropriate updates.

If you have a hosted service

Contact your provider to ensure they support TLS 1.2 and HTTP/1.1

Does your system already support TLS 1.2 and HTTP/1.1?

If the answer is yes then you’re all set. If not, then you need to upgrade to TLS 1.2 and HTTP/1.1 before the 30th of June.

Have you hard coded an earlier version of TLS or HTTP?

Update your code to always use the latest version of TLS and HTTP supported by PayPal endpoints.

More information about the required changes, the impact of the changes, and how to implement them can be found on PayPal’s Merchant Security Microsite.

5 Responses

  1. What remains unclear from the email we got is whether the PayPal is saying…

    “You specifically are not secure”
    .. or…
    “We are writing to everyone to tell you to check if you are secure”

    Furthermore, is the whole account frozen or only those transactions through a non compliant site?

    Our current business uses PayPal invoicing but that is not linked to a website. However, in the past, I have created small test sites to try out PayPal payment buttons.

    I wonder where I put them…?

  2. This was my best guess as well.

    Still not clear whether the trigger is the existence of a poor connection or the use of that connect and whether it freezes the whole account or just transactions through that particular connection.

    This is academic for us, it is just the lack of specificity from PayPal that seems odd.

  3. Is this a PSA announcement for retail users, or do I need to upgrade as well as merchants?

RELATED POSTS..

Why are more SMEs starting to accept American Express?

Why are more SMEs starting to accept American Express?

Temu MASA Certification for User Security and Privacy

Temu MASA Certification for User Security and Privacy

TikTok European User Data Security update

TikTok European User Data Security update

PayPal USD Stablecoin launched pegged to US$

PayPal USD Stablecoin launched pegged to US$

Hack4Values Pro Bono bug hunters for NGOs & nonprofits

Hack4Values Pro Bono bug hunters for NGOs & nonprofits

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars