PayPal and Its Impending Changes to the IPN

If you utilize PayPal for your e-commerce site, then you would have received an email detailing some upcoming changes with the PayPal system. This includes changes related to the PayPal IPN requirements.

What Does this PayPal Notice Mean?

As it is with all technology today, there are advances that are made to improve security and reliability in the Internet world. What PayPal is currently implementing are stronger security protocols for their system. This will have a positive effect due to the upgrades in encryption and protection of data. PayPal is informing you about this change because it might require some updates with your website, web host, or SSL provider.

So What Do I Have to Do?

What is required of you is to check two things with your current web host (or the system administrator of your web server) to make sure your server is updated to match the new security measures. You will need to make sure your SSL certificate is updated and that the server that is hosting your site utilizes proper connections for PayPal. If neither of these terms meets PayPal’s new requirements, your website will be unable to use PayPal’s services. If a customer attempts to use PayPal features on your website, an error might occur.

Updates That Involve Your Web Host and SSL Provider

Here are the two questions to ask your Web Host or System Administrator to check:

  1. Ask your website host to verify that the VeriSign G5 Root certificate is included in the root store that is being used by your code. If so, then no action is required. If it is not using the G5 Root certificate, send a request to your host or admin to have them update and implement it to the code. Some web hosting companies may already be assisting with this, or a nominal fee might apply for a server admin’s help.
  2. This one involves your SSL certificate. The SSL certificate is what secures your checkout with an HTTPS:// URL. Ask your web host or SSL provider to check that your current SSL certificate is using the SHA-256 Encryption method. If your certificate has the outdated SHA-1 method you will need to replace your certificate with a new one that is updated to SHA-256 format. This usually requires you to purchase a new SSL certificate or pay for the renewal early.

Some Updates Might Involve Software

Since each website is different, your needs will vary. In some cases, it may be required to upgrade or patch some software on your website. For example, if your shopping cart has a special plugin for PayPal installed, there might be an upgraded version available. Follow the instructions of that software provider or contact your website developer for help. If you do not have anything dynamic installed on your site that connects with PayPal, this won’t apply.