Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

PayPal 2016-2017 Merchant Security Roadmap
 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #1  
Old 04-25-2017, 05:35 AM
  Anna_Shvetsova's Avatar 
Anna_Shvetsova Anna_Shvetsova is offline
 

X-Cart team
  
Join Date: Oct 2013
Posts: 57
 

Default PayPal 2016-2017 Merchant Security Roadmap

Hi friends,

We get multiple requests from X-Cart Classic (4.x) users regarding PayPal security requirements that are coming into effect soon and may impact the ability to accept payments in your store. So we’ve prepared this quick summary of the requirements and actions you should take to make sure your X-Cart supports the changes.

TLS 1.2 – Act by June 30, 2017
Affected versions: 4.2.2 - 4.6.4
Impact: Inability to accept online payments in your store.
Solution: Get detailed instructions here. Most likely, you’ve already fixed the issue, as we announced the update back in 2014.

HTTP/1.1 Upgrade Microsite – Act by June 30, 2017
Affected versions: 4.5.4 and older
Impact: Inability to accept online payments in your store.
Solution: Get detailed instructions here. As in the previous point, we think you’re all set here, but if you’re not sure, we can help you to find it out.

IPN Verification Postback to HTTPS Microsite – Act by June 30, 2017
Affected versions: All versions
Impact: Payment processing in your store won’t break down after the update, however, PayPal recommends to apply the patch in order to increase the security of PayPal IPN requests.
Solution: Apply the patch paypal-https-IPN-2017-04-25_4.x.x.tgz to start accepting IPN requests from PayPal by an HTTPS secure endpoint.

Discontinue Use of GET Method for Classic APIs Microsite – Act by June 30, 2017
This requirement has no impact on your online store, so there is nothing to do about it.

Merchant API Certificate Credentials Upgrade Microsite – Act by January 1, 2018
Affected versions: All X-Cart versions, but only if it’s the API certificate that you use as PayPal authentication method.
Impact: Inability to accept online payments in your store.
Solution: Generate a new certificate following the instructions here. Or switch to the API signature authentication method in your PayPal account and update the PayPal settings in your store back-end.

Need help? We are happy to assist. Ask your questions here or create a ticket in your Help Desk account to request the patches application.
__________________
X-Cart team

Last edited by Anna_Shvetsova : 04-25-2017 at 08:10 AM.
Reply With Quote

The following 7 users thank Anna_Shvetsova for this useful post:
cherie (04-25-2017), dpcompany (04-25-2017), elmirage001 (04-25-2017), julie@elderberryherbfarm. (04-25-2017), kpriest (04-25-2017), pauldodman (04-25-2017), seyfin (04-30-2017)
  #2  
Old 06-05-2017, 11:09 AM
 
Ostrofpro Ostrofpro is offline
 

Newbie
  
Join Date: Jun 2010
Posts: 4
 

Default Re: PayPal 2016-2017 Merchant Security Roadmap

Do you have to have a SSL cert to complete transactions through PayPal now?
__________________
Version 4.3.1
Reply With Quote
  #3  
Old 06-05-2017, 11:11 AM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 13,484
 

Default Re: PayPal 2016-2017 Merchant Security Roadmap

SSL has always been a requirement for operating ecommerce website. You simply cannot have any website running without SSL if you collect any time of customer personal and/or financial data.
So yes - it is a requirement
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote
  #4  
Old 06-05-2017, 12:06 PM
 
Ostrofpro Ostrofpro is offline
 

Newbie
  
Join Date: Jun 2010
Posts: 4
 

Default Re: PayPal 2016-2017 Merchant Security Roadmap

if you are using paypal as a payment terminal then you never had to have a ssl to complete a transaction because you were not directly collecting financial information, it is my understanding that on june 30th 2017 paypal is starting to REQUIRE a ssl to complete a payment. I also ask because of your comment above saying that 'Impact: Payment processing in your store won’t break down after the update'
__________________
Version 4.3.1
Reply With Quote
  #5  
Old 06-05-2017, 12:38 PM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 13,484
 

Default Re: PayPal 2016-2017 Merchant Security Roadmap

Quote:
Originally Posted by Ostrofpro
if you are using paypal as a payment terminal then you never had to have a ssl to complete a transaction because you were not directly collecting financial information....

This is absolutely not true. Common misunderstanding what SSL does and why it is there.
It doesn't matter if you collect payment data on your site or somewhere else - all pages dealing with personal or financial data must be https. How is your customers going to login to store? Or create an account? Or checkout?
They provide personal data - name, address, phone, etc. not to mention username/password.
All these data must be protected.

And to add more to this - Google and I am sure other SE started to flag sites not using SSL for the whole site as insecure and this is visible to customers.

SSL is not an option. It is mandatory unless you have a blog site without asking customers to provide any info.
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote
Reply
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 11:51 PM.

   

 
X-Cart forums © 2001-2018