Paypal is sending a security notice to online merchants that states: Security and safety are our top priorities. We’re in the process of implementing a series of security upgrades this year. These upgrades ensure our security measures continue to be a model for best practice and incorporate industry standards. Most importantly, the upgrades will allow us to continue to provide the highest level of security available for our customers….
It goes on to give a timeline of the implementations of new security protocols and best practices for online merchants. It will also include a table that states what parts of your site aren’t compliant or can’t be verified.
Here is what you should know:
SHA256 SSL – You have less than a week to get your SSL certificate in compliance with the new standards, if you haven’t already. This must be done so that the testing can be conducted between now and September 30 when PayPal will fully implement the SHA256 protocol standard. If you don’t meet this deadline, you could lose business while they are only accepting SHA256 certificates.
TLS 1.2 and HTTP 1.1 – You still have a little over a year to have these in compliance. You can do a quick check by using a free tool such as web-sniffer to determine the HTTP version. You can also check your certificate information in your browser. For instance, in Chrome, click the padlock then click details and finally click view certificate and then click the Details tab. You will see the Signature Hash Algorithm and it will say SHA256 if you are compliant.
If you aren’t compliant, you need to either do the work to make it compliant or hire somebody to take care of it for you. Sometimes, simply reissuing the SSL will take care of the SHA algorithm, depending on the certificate. If you are using shared hosting, perhaps it is time to consider moving to a Virtual Private Server.
If you are considering moving from a shared hosting provider to your own VPS, we can lease you a VPS that is up 99.8% of the time. Our VPS includes an SSL issued through Comodo and we will migrate your site to the new VPS, so that the entire process is complete without a hitch.
We also offer a service to ensure that you are 100% compliant with PayPal allowing you to breathe easy and not stress over the upcoming changes.