Skip to main content

Is NationBuilder compliant by the PayPal security upgrades?

You may have received an email from PayPal regarding recent upgrades - NationBuilder is compliant with these upgrades! However, in order for your site to have minimal disruption, you need to covert yourself onto the SHA-256 by June 17th

   
 

Change required?

Dates

Complexity

IP Address Update for PayPalSecure FTP Servers

No

May 12 2016

Medium

SSL Certificate Upgrade to SHA-256

PayPal is unable to determine if your systems are SHA-256 compatible. Please go to 2016-2017 Merchant Security Roadmap Microsite to verify your status.

June 17 2016

June to August - Testing

September 30 2016- Full cutover

High

TLS 1.2 AND HTTP/1.1 Upgrade

Yes

June 30 2017

High

IPN Verification Postback to HTTPS

No

June 30 2017

Low

Discontinue Use of GET Method of Classic NVP/SOAP

No

June 30 2017

Low

Merchant API Certificate Credential Upgrade

No

Act before your current certificate expires. Certificates are due to expire after January 2018. We’ll work with you to generate a new certificate before January 2018

Medium


Scheduled change dates provided in this email and the PayPal 2016 - 2017 Merchant Security Roadmap are subject to change. You’ll be notified of any changes to these plans.

Critical SHA-256 testing to occur from June to August

To ensure compliance with industry standards, we strongly encourage you to have your systems SHA-256 compatible by June 17 2016. After this date, we’ll be conducting critical testing throughout August to prepare for the full cutover to SHA-256 on September 30 2016. If you haven’t upgraded to SHA-256 by June 17 2016, you will experience service interruptions during testing. If you’re not certain whether your systems are SHA-256 compatible, please go to the 2016-2017 Merchant Security Roadmap Microsite to verify your status. We also encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer or system administrator for assistance. We’ll send you a separate email in the next couple of weeks with more details on our testing procedures. 
 
For more information on all our security upgrades, please refer to the following FAQs or our 2016-2017 Merchant Security Roadmap Microsite.

How do I make these changes?

The details on the required changes and how to implement them can be found on our 2016-2017 Merchant Security Roadmap Microsite.

We encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer or system administrator for assistance with these changes, if needed.

What will happen if I don’t make the changes by the due date?

If you have not made the necessary changes by the deadlines, you won't be able to accept payments with PayPal until you do so. The exception is change #1: IP Address Update for PayPal Secure FTP Servers, which will limit access to reports from PayPal’s SFTP server if the change is not made.

We encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer or system administrator for assistance with these changes. If not supported, please contact us by clicking the Help & Contact link at the bottom of any PayPal page or by visiting the Technical Support Portal to submit a ticket. Select “Security Changes (TLS/Certificate)” within the Product drop-down. 

As a leading payment provider, we’re committed to continually investing and innovating to deliver to customers the strongest protection possible. Thank you for your support of our commitment to maintain the highest security standards for all our global customers.

 

completed

Yes! We are compliant with the upcoming PayPal upgrades. 

Official response from

Share this post

Showing 1 reaction

How would you tag this suggestion?
Please check your e-mail for a link to activate your account.