News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

PayPal service upgrades

Started by searchgr, September 11, 2015, 12:57:50 AM

Previous topic - Next topic

searchgr

Hi all!

I received the following email from Paypal. Are there any changes i have to do or any update from the smf team?


As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You're receiving this notification because you've been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Thanks for your patience as we continue to improve our services.



Kindred

there should be no difficulty with them upgrading their certificate and the communication from an SMF site to them.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

madfiddler

So did 'we' have to do anything about this. I've just had a PayPal subscription in, and it failed. The previous one, in September, was fine...

elbeer

All the recurring payments are now failing. I am having to go to IPN history and update each one manually.

Is there a fix for this?

madfiddler

When you say update each one manually, what do you mean?

(presume you mean any membergroup settings etc).

Sir Osis of Liver

Are PayPal payments successful?
Anything in error log?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

madfiddler

Before that, I've just checked PayPal and it seems to have worked. No idea why they emailed me saying it didn't. Apologies for wasting time!

m

elbeer

Quote from: madfiddler on October 21, 2015, 06:23:06 AM
When you say update each one manually, what do you mean?

(presume you mean any membergroup settings etc).

It means I am going to paypal IPN history and checking which subscriptions have gone through then manually editing the users subscriptions to suit.

Sir Osis of Liver

If payment is successful, but recurring payment does not create a PayPal subscription, it's not a certificate problem.  PP generates two separate transactions, and posts two IPNs, for a recurring subscription.  One is for the initial payment, the second is for the subscription (recurring payment).  You must have Allow user to auto-renew this subscription checked in your subscription settings, and subscriber must have Make this a recurring payment checked when they order (it's checked by default).

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

searchgr

At PayPal, security and safety are our top priorities and, as a result, we're implementing a series of security upgrades throughout 2016 and 2017. To comply with industry standards, we need to move our endpoints to stronger encryption known as SHA-256 by 30 September 2016. This will help strengthen your protection and ensure that your business systems are up to date with the latest security measures.

In preparation for our transition to SHA-256, we'll be undertaking critical testing between 17 June and 29 September 2016. During this period, if your systems aren't SHA-256 compatible, your business' ability to accept payments with PayPal may be temporarily impacted. To ensure that your business doesn't experience any interruptions, we strongly recommend that your systems are compatible with SHA-256 by 17 June. If your systems aren't SHA-256 compatible by the full transition on 30 September, your business will be unable to accept payments with PayPal until changes are made. For more details about our transition to SHA-256, please see the 2016-2017 Merchant Security Roadmap Microsite.

Further information

What is the purpose of the testing?

The purpose of this testing is to help us identify those customers who will be impacted by the full transition to SHA-256. We'll immediately notify impacted customers so that we can help them better prepare for the transition on 30 September.

How do I ensure that my business won't be impacted by the testing?

If your systems aren't currently SHA-256 compatible, you can find details about the required changes and how to action them on our 2016-2017 Merchant Security Roadmap Microsite.

If you're not sure whether your systems are SHA-256 compatible, we recommend you speak with your web hosting company, e-commerce software provider, in-house web programmer or system administrator. They can assist you in making the required changes before the testing.

When will testing occur?

For a complete list of testing dates and times, please visit our SSL Certificate Upgrade Testing Schedule.

Yours sincerely

PayPal


Advertisement: