Paypal SHA-256 compatibility

Hi there

Paypal have just issued us with the following warning. Will this affect Membership Pro at all? Thanks, Jennie

To avoid service interruptions, please ensure that your systems are SHA-256 compatible by 17 June 2016.

At PayPal, security and safety are our top priorities and, as a result, we’re implementing a series of security upgrades throughout 2016 and 2017. To comply with industry standards, we need to move our endpoints to stronger encryption known as SHA-256 by 30 September 2016.

In preparation for our transition to SHA-256, we'll be undertaking critical testing between 17 June and 29 September 2016. During this period, if your systems aren’t SHA-256 compatible, your business’ ability to accept payments with PayPal may be temporarily impacted. We strongly recommend that your systems are compatible with SHA-256 by 17 June to ensure that your business isn’t interrupted. If your systems aren’t SHA-256 compatible by the full cutover on 30 September, your business will be unable to accept payments with PayPal until changes are made. For more details about our transition to SHA-256, please go to 2016-2017 Merchant Security Roadmap Microsite.

At PayPal, we’re committed to delivering the highest level of security available for our customers. Compatibility with SHA-256 will help strengthen your protection and ensure that your business systems are up to date with the latest security measures. Thank you for your continued support and for helping us maintain these standards for all our customers.

Further information

What is the purpose of the testing?

The purpose of this testing is to help us identify, with certainty, those customers who will be impacted by the full cutover to SHA-256. As part of our commitment to our customers, we'll immediately notify impacted customers so that we can better prepare them for the full cutover on 30 September.

How do I ensure that my business won't be impacted by the testing?

If your systems aren’t currently SHA-256 compatible, the details about the required changes and how to action them can be found on our 2016-2017 Merchant Security Roadmap Microsite.

If you're not sure whether your systems are SHA-256 compatible, we recommend that you speak with your web hosting company, e-commerce software provider, in-house web programmer or system administrator. They can assist you in making the required changes before the testing.

Hi Jennie
Are you sure that they request it 17 June 2016. or 17 June 2017.?
Thanks

Hi - The information was copied and pasted exactly as received from an email sent to a client of mine by Paypal and forwarded to me.

Yes they are saying they will be testing from 17 June 2016 and 29 September 2016, after which they will complete the transition.

Thanks, Jennie

I've just done some research and it appears that this relates to the SSL certificate so I don't think it matters?

magento.stackexchange.com/questions/8271...-certificate-changes

Hi Jennie

Yes. It doesn't affect Membership Pro (or any of our extensions). The only change needed is about PayPal IPN Post Back URL, but it is only needed in June 2017

Regards,

Tuan

does this mean I'll have to get a SSL certificate for my website in order to use the Paypal payment processor?

Hi Lars

No, you don't have to have an SSL certificate. You only need to use SSL certificate if you are using a credit card based payment gateway such as Stripe, PayPal Pro, Authorize.net, Eway... (which customers enter credit card information directly on your site for processing payment)

For the standard PayPal payment plugin (which comes with Membership Pro by default), you don't need SSL certificate

Regards,

Tuan