Paypal upgrades - do we need to do anything?

paypal

method

ipn

certificate

ftp

upgrade

https

http

nvp

ashburton 2016-05-17 16:36:41 UTC #1

I just got an email from Paypal saying my site will be effected in their upcoming upgrades and I need to attend to the following:

- IP Address Update for PayPal Secure FTP Servers

- SSL Certificate â€“ System Upgrade for SHA-256 compatibility

- TLS 1.2 and HTTP/1.1 Upgrade

- IPN Verification Postback to HTTPS

- Discontinue Use of GET Method for Classic NVP/SOAP APIs

- Merchant API Certificate Credential Upgrade

Is there anything I or E-junkie need to do? Or is it just a blanket email Paypal have sent out to everyone (as I suspect it is!)?

Thanks,

E-junkie_Guru 2016-05-17 18:52:40 UTC #2

Yes, that's just a broadcast email PayPal is sending to everyone lately. Our Operations team is already aware of these upcoming changes and has our system prepared in advance to ensure a seamless transition. Since E-junkie is centrally-managed software, we handle back-end integration details like this for you, so no action would be required on your part; we'll have it all taken care of at our end. :^)

ethicsvictory 2016-05-31 20:18:33 UTC #3

Thanks for the clarification.

anthonyk 2016-06-02 13:08:30 UTC #4

That's good to hear. Thanks, e-junkie.

hurleybyrd 2016-06-13 13:33:32 UTC #5

The begin date as per PayPal is June 17..... MUST Comply no later than September 30. Is this issue ready now for the changeover?

E-junkie_Guru 2016-06-13 17:07:17 UTC #6

Yes, our system already supports the new requirements and already uses them to integrate with PayPal, so the changeover should be seamless when PayPal drops support for older methods.

sassy 2016-06-14 13:10:40 UTC #7

E-Junkie, you guys rock.

Just sayin'.

Thank you so much.

jeanmorgan 2016-06-16 09:24:12 UTC #8

Just want to say I just got the email from PayPal and as today is already turning into a day of constant irritations I panicked a bit. Then I remembered I use e-junkie and thought to come over to the e-junkie site and see if there was any mention of this.

I am very relieved to see that e-junkie had my back all along and was not just on top of it was already ahead of the game. Thank You e-junkie peeps for doing something to improve my mood and temper today rather than giving me another headache to deal with.

You Rock!

welovecrete 2016-06-17 18:24:25 UTC #9

Thanks for sorting this out - major pain in the neck if it wasn't sorted but you are ahead of it. Thanks for seamless services so we can 'make money whilst we sleep'

bobanderson 2016-08-02 14:35:30 UTC #10

Still all set?

I have to say I agree with the previous poster. Every now and then I think (I think I know, but probably not) I can do the PayPal stuff myself, but then these things come up and I know I am babe in the woods.

Thank YOU e-Junkie.

E-junkie_Guru 2016-08-02 15:50:35 UTC #11

You're quite welcome, and yes, we're still keeping on top of these PayPal upgrades. In fact, it's the same pending upgrade they've been warning about for nearly a year now; they seem to keep delaying the final cut-over and sending out another email blast to their merchant clientele every few months to make sure everyone has a chance to prepare in advance, and it looks like they just sent another one this week.

hurleybyrd 2017-12-23 22:04:15 UTC #12

I received a formal notice from PayPal today stating our system is "not yet compliant" with TLS 1.2 and HTTP/1.1 Upgrade that is mandatory for the 2018 changeover. Obviously, they are threatening service interrupt if we do not make the changes required at changeover June 30.

E-Junkie is the only organization connecting to PayPal from our site. Your thoughts please.

Thank You
Peter Hurley

E-junkie_Guru 2017-12-24 20:49:13 UTC #13

No worries. Our Operations team is already aware of these upcoming changes and has our system prepared in advance to ensure a seamless transition. Since E-junkie is centrally-managed software, we handle back-end integration details like this for you, so no action would be required on your part; we'll have it all taken care of at our end.

We're not sure why this latest round of PayPal notifications imply some upgrade is still required, as we've been fully compliant at our end for quite some time already, so we have asked our contacts there for clarification. At this point, we can only guess they may be probing your own site domain under a mistaken presumption you have ecommerce software installed on your own server that would need to be compliant, rather than using centrally-managed "software as a service" (SaaS) such as E-junkie that handles such technical concerns for you independently of your site's server.

welovecrete 2018-05-16 03:24:24 UTC #14

Hi eJunkie Team,
Thanks for all your hard work behind the scenes to get ready for GDPR. One of the things I need to get compliant with is Paypal. How will paypal know I am compliant? They currently have me listed as non-compliant and your platform is the only one I sell through online.

To quote them "Our records indicate that your PayPal integration is not compatible with TLS1.2 and/or HTTP/1.1 and you will need to make the necessary updates to your systems before 30 June 2018 to continue accepting payments."

I have gone into paypal to see what to do but I am confused. How can I let them know that you guys are compliant?

E-junkie_Guru 2018-05-16 22:30:43 UTC #15

No worries; the required updates were already applied at our end long ago, so you can just disregard these notices. We found out PayPal is sending them because they're scanning merchants' own site servers for compliance with the upgrade, which is irrelevant for using a centrally-managed solution like E-junkie.

PayPal won't do anything to your ability to receive payments; they're just warning that if you had ecommerce software installed on your server -- which you don't, in our case -- that could stop working with PayPal if it isn't updated in time. At any rate, there's no cause for concern; we have it taken care of.

gravelld 2018-05-18 15:49:15 UTC #16

They're getting increasingly panicky - they even phoned me up about this just now (went to voicemail).

E-junkie_Guru 2018-05-21 00:25:17 UTC #17

It seems that PayPal's automated scanning method to generate these warnings doesn't account for a scenario where sales could be coming from a site that isn't running its own ecommerce software and isn't using PayPal's own purchase buttons.

Most ecommerce solutions are either a "licensed" software package that's installed on the seller's own server, or a fully "hosted" solution which also manages the seller's site (or at least their storefront/sales pages). In either case, the server running the ecommerce software is also running the sales site/page where buyers place their orders, so PayPal can usually determine if a seller's ecommerce solution supports the latest HTTPS/TLS standards by scanning the site where those sales originate.

However, E-junkie is a hybrid of those approaches, where the ecommerce software is centrally managed on our servers, yet most sellers use our service by pasting button codes into their own site, so in our case the site where sales originate is not also the server running the seller's ecommerce software. Thus, when PayPal's scanning routine checks our sellers' sites, they're looking in the wrong place to determine if the seller's ecommerce solution supports the latest HTTPS/TLS standards, which can then generate the irrelevant warnings you've been receiving.

printnpractice 2018-06-12 04:24:04 UTC #18

Thank you so much E-Junkie!

I've now received a postal letter to the same effect and cannot see how I can verify. I wish there were a PayPal verification tool. If there is, I have not yet found it.

I am so glad to see that there is nothing I need to do. Well, perhaps. Do I need to get new codes at PayPal to enter here?

Thank you all for staying in touch!

my3hens 2018-06-12 18:14:16 UTC #19

I’m still getting notices and I’m trying not to stress. I noticed this thread started in 2016. There’s nothing that needs to be done then? I don’t need to call PayPal? My most recent email says this:

Action required by June 30, 2018.

Our records show that your PayPal integration uses an older encryption protocol. You must take the following actions immediately to upgrade your PayPal integration(s) to the TLS 1.2 cryptographic protocol by June 30, 2018.

Visit our security website to view the requirements: www.paypal.com/tls
If your website is hosted by a third-party, work with your web hosting company or ecommerce software provider. Otherwise, please contact your in-house web programmer or system administrator to make these updates.
Use our testing environment to verify that your systems support the latest security standards: https://tlstest.paypal.com. The testing environment will present a ‘PayPal_Connection_OK’ message if you’ve completed the update correctly.

E-junkie_Guru 2018-06-12 20:39:38 UTC #20

Overnight on June 5th-6th, our Devs found and resolved one last remaining noncompliant point of our integration with PayPal. I sent our upper-level tech contact at PayPal a list of merchants who'd inquired about the latest round of warnings yesterday, and he has confirmed they show no remaining compliance violations logged after the 6th, so apparently the warnings in this latest round were generated due to issues logged prior to that date.

We are now fully confident about our compliance with PayPal's integration requirements, and as before, you won't need to do anything to ensure compliance or clear the air with PayPal; it's all handled at our end.

SOLUTIONS FEATURES PRICING DISCOVER PRODUCTS CONTACT HELP DOCS DASHBOARD

Forum

E-junkie Community Forum

Share and learn in the E-junkie community.