Merchant Security Upgrade Testing

Over the next few months, we will be conducting a series of tests to emulate the upgraded security protocols as outlined on this site, so that merchants can understand the areas of their integration that still require work.

If you have already made the requested upgrades, your systems will not be impacted. For merchants who have not made the required upgrades, we encourage you to do so as soon as possible to avoid service interruption.

Merchant Security Roadmap

The information that follows is of a highly technical nature and should be reviewed by one of the following:

  • Your web hosting company
  • Your e-commerce software provider
  • Your in-house web programmer/system administrator

In a Nutshell...

To prepare for the Payment Card Industry (PCI) mandated security upgrade deadline of June 2018, PayPal plans a series of tests to verify that our API endpoints meet the latest security standards. If you have already upgraded your integration to the highest security protocols, you should not experience impacts from our testing. However, if you have not upgraded your PayPal integrations to comply with these standards, service interruptions will occur during our testing windows. To avoid service impacts, it is VITAL that you upgrade your systems, as outlined in this site, before the June 2018 deadline.

What do I need to do?

Round 2 of our Merchant Security Upgrade Testing

Starting in May 2018, PayPal is performing weekly smoke tests in preparation for the final upgrade to TLS 1.2. These tests will last one hour per endpoint, and will increase in duration as we near the June 2018 deadline. If your integration is not TLS 1.2 compatible during this testing window, your connections will fail. Please contact your technical staff or consult a technical consultant to facilitate the necessary changes prior to our final, permanent upgrade starting in June 2018.

Technical Details

For upgrade details, see the TLS 1.2 and HTTP/1.1 Upgrade microsite.

FAQs

When can I test my integration?

Now. The PayPal Sandbox testing environment has been fully updated and can be used to verify that your integration is ready. Review the individual topic pages on the site for more details about how to test your systems and verify their readiness.

How do I know my integration is secure?

If you have not upgraded your PayPal integrations to comply with these standards, service interruptions will occur during our testing windows. To avoid service impacts, it is VITAL that you upgrade your systems, as outlined in this site, before the June 2018 deadline. Please review the Merchant Security Roadmap as well as our Security Guidelines and Best Practices to ensure your integration is as secure as possible.

UPDATE

PayPal completed Round 1 of testing in April 2018. Round 2 is beginning in May 2018. If you are impacted during these testing windows, you must upgrade your system integrations IMMEDIATELY to avoid interruptions when we permanently upgrade in June 2018, to meet the PCI-mandated standards.