
Still all set?



I have to say I agree with the previous poster. Every now and then I think (I think I know, but probably not) I can do the PayPal stuff myself, but then these things come up and I know I am a babe in the woods.



Thank YOU e-Junkie.

You're quite welcome, and yes, we're still keeping on top of these PayPal upgrades. In fact, it's the same pending upgrade they've been warning about for nearly a year now; they seem to keep delaying the final cut-over and sending out another email blast to their merchant clientele every few months to make sure everyone has a chance to prepare in advance, and it looks like they just sent another one this week.

1 year later

I received a formal notice from PayPal today stating our system is "not yet compliant" with TLS 1.2 and HTTP/1.1 Upgrade that is mandatory for the 2018 changeover. Obviously, they are threatening service interrupt if we do not make the changes required at changeover June 30.

E-Junkie is the only organization connecting to PayPal from our site. Your thoughts please.

Thank You
Peter Hurley

No worries. Our Operations team is already aware of these upcoming changes and has our system prepared in advance to ensure a seamless transition. Since E-junkie is centrally-managed software, we handle back-end integration details like this for you, so no action would be required on your part; we'll have it all taken care of at our end.

We're not sure why this latest round of PayPal notifications implies some upgrade is still required, as we've been fully compliant at our end for quite some time already, so we have asked our contacts there for clarification. At this point, we can only guess they may be probing your own site domain under a mistaken presumption you have ecommerce software installed on your own server that would need to be compliant, rather than using centrally-managed "software as a service" (SaaS) such as E-junkie that handles such technical concerns for you independently of your site's server.

4 months later

Hi eJunkie Team,
Thanks for all your hard work behind the scenes to get ready for GDPR. One of the things I need to get compliant with is Paypal. How will paypal know I am compliant? They currently have me listed as non-compliant and your platform is the only one I sell through online.

To quote them "Our records indicate that your PayPal integration is not compatible with TLS1.2 and/or HTTP/1.1 and you will need to make the necessary updates to your systems before 30 June 2018 to continue accepting payments."

I have gone into paypal to see what to do but I am confused. How can I let them know that you guys are compliant?

No worries; the required updates were already applied at our end long ago, so you can just disregard these notices. We found out PayPal is sending them because they're scanning merchants' own site servers for compliance with the upgrade, which is irrelevant for using a centrally-managed solution like E-junkie.

PayPal won't do anything to your ability to receive payments; they're just warning that if you had ecommerce software installed on your server -- which you don't, in our case -- that could stop working with PayPal if it isn't updated in time. At any rate, there's no cause for concern; we have it taken care of. :)

They're getting increasingly panicky - they even phoned me up about this just now (went to voicemail).

It seems that PayPal's automated scanning method to generate these warnings doesn't account for a scenario where sales could be coming from a site that isn't running its own ecommerce software and isn't using PayPal's own purchase buttons.

Most ecommerce solutions are either a "licensed" software package that's installed on the seller's own server, or a fully "hosted" solution which also manages the seller's site (or at least their storefront/sales pages). In either case, the server running the ecommerce software is also running the sales site/page where buyers place their orders, so PayPal can usually determine if a seller's ecommerce solution supports the latest HTTPS/TLS standards by scanning the site where those sales originate.

However, E-junkie is a hybrid of those approaches, where the ecommerce software is centrally managed on our servers, yet most sellers use our service by pasting button codes into their own site, so in our case the site where sales originate is not also the server running the seller's ecommerce software. Thus, when PayPal's scanning routine checks our sellers' sites, they're looking in the wrong place to determine if the seller's ecommerce solution supports the latest HTTPS/TLS standards, which can then generate the irrelevant warnings you've been receiving.

22 days later

Thank you so much E-Junkie!

I've now received a postal letter to the same effect and cannot see how I can verify. I wish there were a PayPal verification tool. If there is, I have not yet found it.

I am so glad to see that there is nothing I need to do. Well, perhaps. Do I need to get new codes at PayPal to enter here?

Thank you all for staying in touch!

I’m still getting notices and I’m trying not to stress. I noticed this thread started in 2016. There’s nothing that needs to be done then? I don’t need to call PayPal? My most recent email says this:

Action required by June 30, 2018.

Our records show that your PayPal integration uses an older encryption protocol. You must take the following actions immediately to upgrade your PayPal integration(s) to the TLS 1.2 cryptographic protocol by June 30, 2018.

Visit our security website to view the requirements: www.paypal.com/tls
If your website is hosted by a third-party, work with your web hosting company or ecommerce software provider. Otherwise, please contact your in-house web programmer or system administrator to make these updates.
Use our testing environment to verify that your systems support the latest security standards: https://tlstest.paypal.com. The testing environment will present a ‘PayPal_Connection_OK’ message if you’ve completed the update correctly.

If

Overnight on June 5th-6th, our Devs found and resolved one last remaining noncompliant point of our integration with PayPal. I sent our upper-level tech contact at PayPal a list of merchants who'd inquired about the latest round of warnings yesterday, and he has confirmed they show no remaining compliance violations logged after the 6th, so apparently the warnings in this latest round were generated due to issues logged prior to that date.

We are now fully confident about our compliance with PayPal's integration requirements, and as before, you won't need to do anything to ensure compliance or clear the air with PayPal; it's all handled at our end.

23 days later

Today I'm getting a warning from paypal that my integration with E-junkie is not PCI compliant and needs to be upgraded to TLS 1.2. Has that been done? Do I need to do anything?

I'm also getting a warning from paypal (when I log in) that my integration with E-junkie is not PCI compliant. It states that "immediate action is required" to fix the issue.

I have no problems but I updated my site to PCI and TLS 1.2. Just got an order through eJunkie paid via paypal in fact so things are working fine.

So is this something ejunkie needs to do on their end, or website owners need to do? I have no idea what this means.

You may need to update your site to TLS 1.2 and be PCI compliant. In my case my webhosting company did it for me. It is done on the server level. They also added a certificate to my site. If you have web hosting support just ask the techs to do it for you.

The real issue is not the paypal warning which comes up on paypal.com when you log in. The real issue is whether or not you can process transactions. If you can, then disregard the warning. I saw the same warning you mentioned today but my paypal and eJunkie transactions are going through so it's not relevant to me.

PayPal has confirmed to us the warnings that appear on login to their site are due to issues they'd logged going back prior to June 5th, and that they are not seeing any issues logged since June 6th for any merchant we've asked them to check. The fact that you are still processing payments successfully now, after their cutoff deadline, confirms that things are set up and working as they require.

BTW, when you use E-junkie it's not necessary to upgrade your site to use HTTPS or TLS 1.2, as your own server is not interfacing with PayPal's system at all, nor is your site handling any payment data subject to PCI-DSS compliance requirements; we handle all of that for you at our end. :)

Thank you for your response. I upgraded to TLS 1.2 because I process some payments directly via paypal. However I did not need to upgrade to https because the paypal buttons I use don't lead to a shopping cart on my site but instead go directly to paypal and use their https cart :)
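
The PayPal notice quoted earlier in this thread names a test endpoint and a success string, and the E-junkie replies explain that what counts is the machine that actually connects to PayPal, not the storefront. The following is an added example, not code from PayPal, E-junkie or any poster: a Python client to run from that machine, which refuses anything below TLS 1.2, sends an HTTP/1.1 request to the host named in the notice and looks for the marker. The function names and the response layout assumed in `interpret` are illustrative.

```python
import socket
import ssl

TEST_HOST = "tlstest.paypal.com"     # endpoint named in the quoted PayPal notice
OK_MARKER = b"PayPal_Connection_OK"  # success string named in the same notice


def build_context():
    """Client context that verifies the server and refuses TLS below 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(host):
    """Minimal HTTP/1.1 GET; the Host header is mandatory in HTTP/1.1."""
    return (f"GET / HTTP/1.1\r\nHost: {host}\r\n"
            "Accept: */*\r\nConnection: close\r\n\r\n").encode("ascii")


def interpret(negotiated, response):
    """Return (ok, reason) from the negotiated TLS version and raw reply."""
    head, _, body = response.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    if negotiated not in ("TLSv1.2", "TLSv1.3"):
        return False, f"negotiated {negotiated}, below TLS 1.2"
    if not status_line.startswith("HTTP/1.1 "):
        return False, f"unexpected status line: {status_line!r}"
    if OK_MARKER not in body:
        return False, "success marker not found in response body"
    return True, f"{negotiated}, {status_line}"


def check_endpoint(host=TEST_HOST, port=443, timeout=10.0):
    """Run this where the PayPal-calling software lives, not the sales page."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with build_context().wrap_socket(raw, server_hostname=host) as tls:
                version = tls.version()  # protocol actually negotiated
                tls.sendall(build_request(host))
                reply = b"".join(iter(lambda: tls.recv(4096), b""))
                return interpret(version, reply)
    except OSError as exc:  # covers ssl.SSLError, timeouts, DNS failures
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    print(check_endpoint())
```

A client stack that cannot speak TLS 1.2 fails in the handshake and is reported through the `connection failed` branch rather than by `interpret`.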