XF 1.5 Paypal Upcoming security upgrades - 2016


Active member
Coming soon.

We understand how busy this time of year is for you. In addition to preparing for the holiday shopping season, you’re probably looking ahead to 2016. As you plan for next year, we want to share with you some security upgrades PayPal is making in the New Year. More importantly, we want to let you know why we’re making the upgrades and what the changes mean to you.

Why are security upgrades necessary?

The Payment Card Industry (PCI) Security Standards Council recently made changes to their Data Security Standards. These standards affect millions of businesses that handle credit card information, accept electronic payments or provide services to those businesses who do. The PCI Security Standards Council is strongly encouraging hosting providers, such as PayPal, to retire versions of a security standard called Transport Layer Security (TLS) that are older than version 1.2. The security standard TLS and its predecessor Secure Sockets Layer (SSL) are encrypted code designed to secure communications over a computer network.

These changes do not imply that our systems are not secure today. You can feel safe when using PayPal. We monitor every transaction, 24/7 to try to protect against fraud and identity theft. The purpose behind these industry-wide changes is to help ensure businesses remain protected against future vulnerabilities. Due to our strong commitment in maintaining high security standards for our customers, we value the PCI Council’s recommendation and have also identified other security changes that we’re enhancing next year.

What changes are being made and when?

The following are technical changes that may require some upgrades to your system. Please share this information with your development team or hosting provider.

Screen Shot 2015-12-02 at 12.09.47 PM.png

To help you navigate through these technical changes, we created the 2016 Merchant Security Roadmap. The website offers detailed information about each of the upcoming changes, including dates when these changes are scheduled* and security best practices.

What do I need to do now?

While there’s still some time before these changes go into effect, here’s what you can do now. If you’re not using a hosted shopping cart or partner, please consider doing the following to prepare for these changes:

  1. Incorporate this work into your 2016 technology update plans by engaging with your technical or web development team.
  2. To see if you’re already compatible with these security upgrades, test your configuration in the PayPal Sandbox.
How do I know if I’m already compatible with these security upgrades?

You can test your system now! We’ve created new, temporary Sandbox endpoints that are configured with the latest security standards. Go to the PayPal 2016 Merchant Security Roadmap for easy to follow instructions on how to test endpoints in the Sandbox environment today.

If you’re not sure what upgrades your system may require, no worries – we’ve got that covered. We’ll write you again in January with more specific details about what these changes mean to your system. In the meantime, we encourage you to review the PayPal 2016 Merchant Security Roadmap.


XenForo developer
Staff member
The only one that would affect us (I believe) is the Sep 30 IPN only allows HTTPS change, but we already use HTTPS, so no changes should be necessary.