Kryptronic Software Support Forum

#1 02-17-2017 10:17:47

timberguy
Member
Registered: 01-14-2008
Posts: 142

Letter from Paypal

I just received this email from PayPal.  Is this something we need to be concerned with if running Click Cart version 8.x?

PayPal security upgrade progress.

Jeff XXXXXX,

As a leading payment provider, security is our number one priority and PayPal continually invests and innovates to deliver the strongest protection possible.  In some instances, this means adapting to our environments and upgrading merchant integrations to the current industry standards, like those set by the Payment Card Industry (PCI) Security Standards Council. We appreciate your patience and support of protecting our customers and their payments.

To better assist customers with these security updates, we’ve created the following materials to further clarify this technical update:

    2016-2017 Merchant Security Roadmap

    TLS 1.2 and HTTP/1.1 Upgrade Roadmap

    PayPal security guidelines and best practices

We also encourage you to speak with your web hosting company, e-commerce software provider or in-house web programmer/system administrator for further assistance in implementing these changes, if needed.

Scheduled change dates provided in this email and on the TLS 1.2 and HTTP/1.1 Upgrade Microsite are subject to change. Please monitor our TLS 1.2 and HTTP/1.1 Upgrade Microsite for the most up-to-date information.

Below are a few key points concerning security updates we will begin implementing after June 30, 2017 and we strongly recommend your systems be compatible to ensure your business is not disrupted:

    The PayPal Sandbox, or testing environment, has been upgraded to allow only TLS 1.2 and HTTP/1.1 connections.

    All production endpoints will be updated to accept only TLS 1.2 and HTTP/1.1 connections after June 30, 2017.  Please note that if you haven’t made the necessary upgrades to your systems to become compliant, your business will be unable to accept payments with PayPal until the required changes have been made.

    A verification endpoint is available, which can be found at https://tlstest.paypal.com and has the latest security standards so customers can quickly check if their systems are ready to accept transactions after June 30, 2017.

There are four remaining areas that our security upgrades will impact and we’ve identified the areas that need your attention. The chart below shows whether you’ll need to make changes, or if your business is already compliant or doesn’t use that functionality:

TLS 1.2 and HTTP/1.1 Upgrade – Complete by June 30, 2017
Update Needed: Yes

IPN Verification Postback to HTTPS – Complete by June 30, 2017
Update Needed: No

Discontinue Use of GET Method for Classic NVP/SOAP API’s – Complete by June 30, 2017
Update Needed: No

Merchant API Certificate Credentials Upgrade – Complete by January 1, 2018
Please note that this may be completed earlier based on the expiration date of your certificate
Update Needed: No

IP Address Update for PayPal Secure FTP Servers – Completed as of May 12, 2016

SSL Certificate Upgrade – Completed as of October 18, 2016


#2 02-17-2017 10:44:07

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798

Re: Letter from Paypal

You will want to ensure your host server supports TLS 1.2.  Possibly update the cert used by PayPal by Jan 1, 2018 if you're using one of their API services.


Nick Hendler
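
One way to run the check suggested in this reply from the host server itself, as an added example that is not part of the original thread and not Kryptronic or PayPal code. It assumes Python 3.7+ on the host; the helper names are hypothetical, and it tests the Python interpreter's TLS library, which may differ from the one the cart software's own HTTP client is linked against.

```python
import re
import socket
import ssl

def openssl_supports_tls12(version_string):
    """True if an OpenSSL banner is 1.0.1 or later, the first release with TLS 1.2."""
    m = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        return False  # unknown or non-OpenSSL library: treat as not verified
    return tuple(int(x) for x in m.groups()) >= (1, 0, 1)

def tls12_only_context():
    """Client context that refuses anything but TLS 1.2 and keeps cert checks on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def parse_status_line(raw):
    """Return (http_version, status_code) from the start of an HTTP response."""
    m = re.match(rb"(HTTP/\d\.\d) (\d{3})", raw)
    if not m:
        raise ValueError("not an HTTP response")
    return m.group(1).decode(), int(m.group(2))

def probe(host, port=443, timeout=10):
    """Handshake at TLS 1.2 and send one HTTP/1.1 request (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with tls12_only_context().wrap_socket(sock, server_hostname=host) as tls:
            req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(req.encode("ascii"))
            http_version, status = parse_status_line(tls.recv(4096))
            return {"tls": tls.version(), "http": http_version, "status": status}

if __name__ == "__main__":
    print("local library:", ssl.OPENSSL_VERSION,
          "-> TLS 1.2 capable:", openssl_supports_tls12(ssl.OPENSSL_VERSION))
    try:
        # Verification endpoint named in the PayPal email quoted in post #1.
        print(probe("tlstest.paypal.com"))
    except (ssl.SSLError, OSError, ValueError) as exc:
        print("probe failed:", exc)
```

A handshake failure from `probe` means the peer or the local library could not agree on TLS 1.2; a certificate error is a separate problem with the host's CA bundle.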


#3 02-18-2017 12:01:45

jj1987
Member
From: Orlando, FL
Registered: 07-14-2008
Posts: 502

Re: Letter from Paypal

Since so many Android devices don't support TLS1.2, I'm curious how much longer the TLS1.2 upgrade can will get kicked down the road.  PCI standards were already extended.



-James Garrett
