You may have received an email from PayPal regarding recent upgrades - NationBuilder is compliant with these upgrades! However, in order for your site to have minimal disruption, you need to covert yourself onto the SHA-256 by June 17th
Email from PayPal:
May 12 2016
PayPal is unable to determine if your systems are SHA-256 compatible. Please go to 2016-2017 Merchant Security Roadmap Microsite to verify your status.
June 17 2016
June to August - Testing
September 30 2016- Full cutover
June 30 2017
June 30 2017
June 30 2017
Act before your current certificate expires. Certificates are due to expire after January 2018. We’ll work with you to generate a new certificate before January 2018
Scheduled change dates provided in this email and the PayPal 2016 - 2017 Merchant Security Roadmap are subject to change. You’ll be notified of any changes to these plans.
Critical SHA-256 testing to occur from June to August
To ensure compliance with industry standards, we strongly encourage you to have your systems SHA-256 compatible by June 17 2016. After this date, we’ll be conducting critical testing throughout August to prepare for the full cutover to SHA-256 on September 30 2016. If you haven’t upgraded to SHA-256 by June 17 2016, you will experience service interruptions during testing. If you’re not certain whether your systems are SHA-256 compatible, please go to the 2016-2017 Merchant Security Roadmap Microsite to verify your status. We also encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer or system administrator for assistance. We’ll send you a separate email in the next couple of weeks with more details on our testing procedures.
For more information on all our security upgrades, please refer to the following FAQs or our 2016-2017 Merchant Security Roadmap Microsite.
How do I make these changes?
The details on the required changes and how to implement them can be found on our 2016-2017 Merchant Security Roadmap Microsite.
We encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer or system administrator for assistance with these changes, if needed.
What will happen if I don’t make the changes by the due date?
If you have not made the necessary changes by the deadlines, you won't be able to accept payments with PayPal until you do so. The exception is change #1: IP Address Update for PayPal Secure FTP Servers, which will limit access to reports from PayPal’s SFTP server if the change is not made.
We encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer or system administrator for assistance with these changes. If not supported, please contact us by clicking the Help & Contact link at the bottom of any PayPal page or by visiting the Technical Support Portal to submit a ticket. Select “Security Changes (TLS/Certificate)” within the Product drop-down.
As a leading payment provider, we’re committed to continually investing and innovating to deliver to customers the strongest protection possible. Thank you for your support of our commitment to maintain the highest security standards for all our global customers.
Yes! We are compliant with the upcoming PayPal upgrades.