PayPal Security Updates

May 11, 2016

PayPal is making several security updates to meet PCI Standards Group requirements over the next year. It is critical that your systems support these new standards by key dates to avoid any disruption of service.

All the changes are explained in PayPal’s 2016-2017 Merchant Security Roadmap Microsite. The first key deadline is June 17, 2016 for you to ensure that your SSL environment supports the use of the SHA-256 signing algorithm and VeriSign’s 2048-bit G5 Root Certificate. The microsite has more information on this change and other deadlines, which mostly fall in 2017.

Additionally, as of April 14, 2016, all the IP addresses used to systematically exchange files with PayPal’s Secure FTP Reporting / Batch Servers were changed. If your integrations are hardcoded to the previous IP addresses, you need to update them to avoid any issues.

Please review these changes with your Solution and Hosting Partners or internal technical team and make the SSL environment update by June 17 to ensure uninterrupted service.