Community Forums 

Main Content

IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades.

    Sep 10 2015 20:31:05

    #1

    shactrack

    Join date : 2011-09-01      Posts : 28

    I just received this email today from PayPal. What does this mean since I accept payments using Mal's and is there anything specific that I need to do or someone I need to notify? Thanks in advance!

    ************************************************

    PayPal



    PayPal service upgrades.

    XXXX,
    As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

    This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

    You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
    Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
    Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.
    Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.
    Thanks for your patience as we continue to improve our services.



    Sep 10 2015 20:53:51

    #2

    Sandro

    Join date : 2013-02-11      Posts : 15

    I also got that same email and came here to see what light the experts here at MALS can shed on this and how we should proceed.

    I use PAYPAL as my payment provider for my ecommerce which I run through MALS.

    Thanks



    Sep 10 2015 20:56:38

    #3

    hamishdad

    Join date : 2015-09-10      Posts : 9

    I just received the same message. I haven't clicked on the link provided to read the full technical details, but if anyone has already done it, I would appreciate knowing what has to be done. My cart is setup to use PayPal Payments Standard.

    Thanks!



    Sep 10 2015 21:41:16

    #4

    gogetit

    Join date : 2009-10-04      Posts : 3

    Oh, I hate me too's but me too. I'm in a real time crunch and never saw this before. Has anyone contacted Mal yet. I hate to send him an email as I'm sure he is getting lots of them on this subject.

    Please Mal or anyone else let us know if you find out anything about this.

    Thx.



    Sep 10 2015 22:30:51

    #5

    Evolving Door

    Join date : 2011-01-29      Posts : 21

    I'll add my name to this list. I got one and one of my clients got one. Really not sure what I'm supposed to do with it. It does seem legit. Paypal's info page about it gives lots of impressive looking tech information but I have no idea how to apply it to Mal's or any other use of Paypal on a website. Looking forward to hearing about a solution for this.



    Sep 11 2015 03:05:14

    #6

    MsMom

    Join date : 2008-09-30      Posts : 36

    I imagine Mal will respond, but I don't think that we'll be affected, its my understanding that these messages are stating that Paypal is upgrading *their* Service SSL Certificate, this would have no impact on our sites SSL Certificates (or his here).

    The only thing this would impact would be very old versions of OpenSSL, really outdated versions running On CentOs 4 or older which would already be considered end of life by cPanel and the distributors, so I'm sure Mal's are up to date.

    Sherri Owen
    Making Mal's Even Simpler
    http://merchantmoms.com




    Sep 12 2015 01:38:33

    #7

    Evolving Door

    Join date : 2011-01-29      Posts : 21

    I just spoke with Paypal. First of all, if I understand this at all correctly, this has to do only with the *notification* of payment (IPN), NOT whether we can receive payments or not - only whether we're notified of a payment.

    Since we (users of Mal's) get our notices from Mal's (not directly from Paypal...or at least I don't), I'm assuming that Mal provides IPN to Paypal which, if I understand, enables Mal to send us notices.

    Mal therefore needs to check that its servers are compliant with SHA-256, and if not then they need to upgrade or do whatever magic is required to become compliant.

    I hope that's correct, but it should be at least in the ballpark. So at this point I guess we need to hear from Mal's that they're on this and it will not affect our notices of having received payments.



    Sep 12 2015 04:07:30

    #8

    Debbie Q

    Join date : 2008-09-18      Posts : 4994

    When someone makes a payment through PayPal, PayPal sends Mal notification (IPN) of the payment and that is how Mal knows the payment has been made. If the IPN has not been sent from PayPal to Mal you will not get an order notification email and your customer will not get a receipt. The order will show up in your admin in red.

    Debbie Q

    Mal's Support: www.mals-e.com/support.php
    GT's Forms and examples: www.malsforms.com
    Helpful java scripts: www.gemasana.com/mals
    Shipping help documents: www.stoner.org.uk/mals

    My Create-A-Book Publishing - mycreateabook.com
    Personalized Books, Music CDs and Gifts for all ages and occasions.

    Please help me out and share my site on your networks.




    Sep 12 2015 04:32:59

    #9

    Debbie Q

    Join date : 2008-09-18      Posts : 4994

    In case you are not following the other thread on the same issue.

    Sep 11 2015 16:37:47#4
    sallyohioJoin date : 2009-08-03 Posts : 1

    Mal's carts are already carrying the correct SSL version required by PayPal, which is SHA-256. Mal emailed me and said it will not affect the cart.

    You can check the certificate by following a fake order from your cart to the screen where personal information is entered. the http: in your browser bar will change to shttp: to indicate a secure layer. There will also be a lock next to it. Click the lock to open the certificate and you will see that SHA-256 is in place. No worries.

    www,hightimedesign.com
    www.folkandfiber.com

    Debbie Q

    Mal's Support: www.mals-e.com/support.php
    GT's Forms and examples: www.malsforms.com
    Helpful java scripts: www.gemasana.com/mals
    Shipping help documents: www.stoner.org.uk/mals

    My Create-A-Book Publishing - mycreateabook.com
    Personalized Books, Music CDs and Gifts for all ages and occasions.

    Please help me out and share my site on your networks.




    Sep 12 2015 17:31:34

    #10

    hamishdad

    Join date : 2015-09-10      Posts : 9

    Thank you, Evolving Door and Debbie Q, for explaining it so well!!!



       1   |   2      »