Share:
POST
TWEET
SHARE
SHARE
EMAIL

PayPal will stop working on 30th June if you don’t upgrade to TLS

By Chris Dawson June 18, 2018 - 11:45 am

PayPal will stop working on 30th of June and merchants will be unable to accept payments if they’ve not updated their websites to the latest standards which includes an upgrade to TLS.

The deadline for merchants to upgrade to Transport Layer Security (TLS) 1.2 June 30, 2018 and PayPal are requiring all merchants to upgrade their security protocols to TLS 1.2, in line with the requirements set by the Payment Card Industry (PCI) Council. The TLS protocol is used to encrypt communications between your platform and PayPal’s servers.

What do you need to do to upgrade to TLS?

Merchants should verify whether their website supports TLS 1.2 and, if necessary, make appropriate updates.

If you have a hosted service

Contact your provider to ensure they support TLS 1.2 and HTTP/1.1

Does your system already support TLS 1.2 and HTTP/1.1?

If the answer is yes then you’re all set. If not, then you need to upgrade to TLS 1.2 and HTTP/1.1 before the 30th of June.

Have you hard coded an earlier version of TLS or HTTP?

Update your code to always use the latest version of TLS and HTTP supported by PayPal endpoints.

More information about the required changes, the impact of the changes, and how to implement them can be found on PayPal’s Merchant Security Microsite.

  • Mark.T
    7 months ago

    What remains unclear from the email we got is whether the PayPal is saying…

    “You specifically are not secure”
    .. or…
    “We are writing to everyone to tell you to check if you are secure”

    Furthermore, is the whole account frozen or only those transactions through a non compliant site?

    Our current business uses PayPal invoicing but that is not linked to a website. However, in the past, I have created small test sites to try out PayPal payment buttons.

    I wonder where I put them…?

    • Darren
      7 months ago

      I’m guessing this is to do with the Express Checkout integration. Users are redirected to a PayPal screen when paying but when that has been completed PayPal make a connection to your web site to confirm the payment status to complete checkout. If this connection does not happen over a TLS https connection then the checkout procedure will fail.

  • Mark.T
    7 months ago

    This was my best guess as well.

    Still not clear whether the trigger is the existence of a poor connection or the use of that connect and whether it freezes the whole account or just transactions through that particular connection.

    This is academic for us, it is just the lack of specificity from PayPal that seems odd.

  • 7 months ago

    Why have I not been contacted by paypal?

  • E. Tolliver
    7 months ago

    Is this a PSA announcement for retail users, or do I need to upgrade as well as merchants?

Recent Comments

2 hours ago
BFT: I think we have to accept the increase in the number of Chinese sellers. My real...
3 hours ago
Alan: Ebay is not the only one where the amount of Chinese sellers is an issue....
3 hours ago
Toby: Totally agree with Andys comments above. The biggest obvious problem with ebay to me is...
3 hours ago
Mark: Yippeeee!!! hopefully eBay will pin this information to their customer service department so they will actually...