# Paypal Security Upgrades



## Jeffery (Oct 25, 2011)

*I received the following email from Paypal concerning upcomming security upgrades. 
I have no idea what I need to do if any thing....	
*


"To avoid service interruptions, please ensure that your systems are upgraded and compatible as testing will occur between now and September 30, 2016. 

JEFFERY THOLE, 

At PayPal, data security and safety are our top priorities, and as a result we&#8217;re implementing a series of security upgrades throughout 2016 and 2017. 

To comply with industry standards, we&#8217;re moving the SSL certificates on our endpoints to stronger encryption known as SHA-256 starting after September 30, 2016. Compatibility with SHA-256 will help strengthen your protection and ensure that your business systems are up to date with the latest security measures. 

If your systems aren&#8217;t SHA-256 compatible, your business will be unable to accept payments with PayPal until changes are made. For more details on our transition to SHA-256, please visit our SSL Certificate Upgrade Microsite. 

How to Prepare 

To prepare for the full cutover starting after September 30, 2016, we&#8217;ll be performing a series of tests on our endpoints starting in July 2016. The purpose for the testing is to ensure we&#8217;ve helped our merchants prepare for the full transition to SHA-256 happening after September 30, 2016. For a complete list of testing dates and times, please go to SSL Certificate Upgrade Microsite for the details. We&#8217;ll follow up with you with a separate email, if you&#8217;re impacted during our testing. 

Security Upgrades Coming in June 2017 

We also wanted to remind you that we&#8217;ve rescheduled several of our upgrades to accommodate merchants who couldn&#8217;t meet our original timelines. The following schedule shows details of whether your business is already compatible or doesn't use the functionality. If you do need to make security upgrades, the schedule will identify what changes need to be made. 

Change 

(click hyperlinks for more details) 


Change required? 


NEW DEADLINES 


Complexity 

TLS 1.2 AND HTTP/1.1 Upgrade 


No 


June 30, 2017 


High 

IPN Verification Postback to HTTPS 


Yes 


June 30, 2017 


Low 

Discontinue Use of GET Method of Classic NVP/SOAP 


No 


June 30, 2017 


Low 

Merchant API Certificate Credential Upgrade 


No 


Act between January 31, 2016 and January 1, 2018 (depending on your certificate expiry date) 


Medium 


The details on the required changes and how to action them, can be found on our 2016-2017 Merchant Security Roadmap Microsite. 

We encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer, or system administrator for assistance with these changes. If you have any questions, please visit our Help pages by clicking Help & Contact at the bottom of any PayPal page. If you have any questions, please go to Contact Us at any www.paypal.com page or Technical Support Portal to submit a ticket. Select &#8220;Security Changes (TLS/Certificate)&#8221; within the Product drop-down. 

Thank you for your support of our commitment to maintain high security standards for all our global customers. 

Was this email helpful? Please click here to let us know how we're doing at keeping you informed. 


Please do not reply to this email. We're unable to respond to inquiries sent to this address. For immediate answers to your questions, visit our Help Center by clicking Help on any PayPal page. 

Â© 2016 PayPal Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131."


----------

