Paypal security changes - Jun 17
Permalink Browser Info Environment
The paypal security changes for June 17th have potential to affect our paypal tool, we would like to ensure that our site will not have issues with the new security changes.
Type: | Discussion |
---|---|
Status: | In Progress |
I am anxious to hear the developers response to this. It is my guess that the SHA-256 issue does not apply to us because the form redirects to a secure PayPal.com form to collect the credit card information. I emphasize that this is just my guess and I, for one, would rest easier if we could a get more authoritative confirmation.
Could you please explain what is meant by this and what we need to check/do and from where?
Thank you
Thank you
We received a similar notification to that describe by dihakz, copy attached as a pdf file. As nearly as I understand it, PayPal are saying that transactions posted over an SSL connection must come from a server (e.g. our host server) with a certificate supporting the SHA-256 encryption standard. It is confusing to me and I might have that wrong. It seems to me that since the add-on redirects to a PayPal.com form to collect the information, that should not apply. But I may be ignorant on that point.
The PayPal notice refers to this url for "more details":
https://www.paypal-knowledge.com/infocenter/index?page=content&w...
The PayPal notice refers to this url for "more details":
https://www.paypal-knowledge.com/infocenter/index?page=content&w...
This is making me nervous. I'd really like to see the developer's response!
To avoid service interruptions, please ensure that your systems are SHA-256 compatible by 17 June 2016.
At PayPal, security and safety are our top priorities and, as a result, we’re implementing a series of security upgrades throughout 2016 and 2017. To comply with industry standards, we need to move our endpoints to stronger encryption known as SHA-256 by 30 September 2016.