You may have received an email from PayPal recently informing you of changes you need to make to your PayPal integration.
You may have overlooked this email or not received it – but it’s an important one so you should dig it out or read on.
During 2016 PayPal are rolling out various new security requirements so you need to ensure your site is compatible so that you can continue accepting payments. If you don’t update your site in time, it’s possible your PayPal integration will stop working.
PayPal acknowledge that what they’re asking for is very technical, stating “What you’re about to read is very technical in nature – we understand that. Please contact the parties responsible for your PayPal integration, or your third party vendor (for example, shopping cart provider, and so on) to review this email. They’re best positioned to help you make the changes outlined in this email and in the 2016 Merchant Security Roadmap Microsite.” Which for lots of people will simply mean “ask your web developer”!
If you’ve had an email from PayPal they might have highlighted to you which of the following you need to look at, or if not your web developer will be able to work it out for you.
SSL Certificate Upgrade to SHA-256 – act by June 17th 2016
TLS 1.2 and HTTP/1.1 Upgrade – act by June 17th 2016
IPN Verification Postback to HTTPS – act by September 30th 2016
IP Address Update for PayPal Secure FTP Servers – act by April 14th 2016
Merchant API Certificate Credential Upgrade – act between January 31st 2016 and January 1st 2018 (depending on your certificate expiration date)
Discontinue Use of GET Method for Classic NVP/SOAP APIs – act by September 30th 2016