PayPal announces changes to website integration security

Last year PayPal announced changes to the way that its Instant Payment Notification (IPN) would work. As of 30 September this year (2016) they will no longer accept HTTP for postbacks – they will only accept HTTPS.

In jargon-free English, that basically means that PayPal are improving their security by forcing websites which send them information to have an SSL (Secure Socket Layer) certificate installed – this is the thing that changes a web address from ‘http://…’ to ‘https://…’.

This is a big change to PayPal processing and could impact your ecommerce websites. Here are the key points:

  1. if you already have an SSL certificate then you don’t need to worry.
  2. if you already do or are going to use PayPal on your website you will need to purchase an SSL certificate from your host, and get it installed and configured, by 30 September at the very latest.
  3. you need to secure at least your payments page with the SSL certificate.

What will happen if you don’t do this?

In a nutshell, your PayPal payments processing will stop working.

Is there anything you can do to avoid installing an SSL certificate?

Not if you want to keep using PayPal on your website.

Are there any alternatives to using PayPal?

Yes, but I haven’t found any yet which don’t use SSL.

Is there a silver lining to this cloud?

Oh yes.  Google have just announced that they will be increasing the ranking of sites that use SSL, so you could see your site jumping up the Google pages.

Where can I go for more information?

If you want to know more about the PayPal announcement have a look here.  If you want to know how to get an SSL certificate for your site you need to contact your web hosts.