Victor Font Consulting Group, LLC

Digital Business Strategists

Call Us Toll Free:

1-844-VIC-FONT (842-3668)

You are here: Home / eCommerce / Does PayPal’s SHA-256 Email Concern You?

Does PayPal’s SHA-256 Email Concern You?

By
Leave a Comment

HTTPS image courtest of FreeImages.com/Svilen MilevQuite a few of our customers that operate eCommerce sites have emailed to ask if they need to be concerned about a message they received from PayPal regarding an upcoming security change. The message reads as follows:

REMINDER: ACTION MAY BE REQUIRED: Payflow service upgrades for merchants

We’re contacting our merchants with a reminder about some important information in response to an industry-wide security upgrade which is not unique to PayPal. This change involves upgrading Secure Sockets Layer (SSL) certificates for payflowpro.paypal.com to the SHA-256 hashing algorithm in October 2015.

Because these changes are technical in nature, we advise that you consult with your partner, website vendor, or individuals responsible for your Payflow integration. They will be able to identify what, if any, changes are needed. If you do not have a technology team, we recommend you find one, and we can work with them to ensure you continue to process payments through your current integration with Payflow.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Questions can be directed to our Merchant Technical Services team on our Technical Support website. Click here for more information.

Thanks for your patience as we continue to improve our services.

For the most part, this isn't anything to be concerned about. This change has been coming for a while. Because of security concerns, the eCommerce industry in general is phasing out support for the old 1024-bit SSL (https) certificates (SHA-1) in favor of the newer 2048-bit certificates (SHA-256). Google Chrome is deprecating support for SHA-1 by the end of 2015, and all support for SHA-1 will be deprecated by the end of 2016.

If you have any concerns whatsoever that your site might have an old style SSL certificate, you can run a site check at http://www.networking4all.com/en/support/tools/site+check/. The site check reports on the security type and strength of the SSL certificate installed on your server.

Reader Interactions

VictorFont.com runs on the Genesis Framework

Genesis FrameworkThe Genesis Framework empowers you to quickly and easily build incredible websites with WordPress. Genesis provides the secure and search-engine-optimized foundation that takes WordPress to places you never thought it could go.

Check out the incredible features and the selection of designs. It's that simple—start using Genesis now!

Click here to download The Genesis Guide for Absolute Beginners (PDF - 1.4 MB)

Leave a Reply

Your email address and website will not be published. Required fields are marked *
Posting a comment means that you agree with and accept our Comment & Product Review Policy