New 2016 Paypal Merchant Security Upgrade

[fbraddon]

Just had email from PayPal on the upgrade due later this year

Only area identified as a problem with Prestahop integration is 

IPN Verification Postback to HTTPS

 

Help please

Do I have to install an SSL certificate to comply ?

 

[bellini13]

No, you do not need to be using HTTPS.  However the module that you are using, when it receives the IPN from Paypal, it actually sends a request to Paypal again to get the transaction details.  And it is that request for transaction details that now MUST be HTTPS.

[fbraddon]

Does Prestashop send the request automatically ?

Either I stop prestashop sending request for transaction details or I have to run Prestashop with an SSL certificate. It is only a very small shop run for a club linked via club website. The treasurer can easily log in to PayPal account & check transactions there are only 5 a week on average.

[bellini13]

No, you do not understand.  First I assume you are using Paypal USA or Europe module, which uses the IPN.  If you do not use a module that uses IPN then you don't even have to worry about this.

 

If the Paypal module you are using, uses the Paypal IPN, then that module will contact Paypal for transaction details.  And when the module does that, it will do so using a URL that begins with HTTPS.  That does not mean you need an SSL certificate on your server, it means that Paypal has one.

 

So you just need to confirm

1) what module you are using

2) does it use IPN

3) does it obtain the transaction detail using HTTPS

[robdido]

Hi,

 

I am using PayPal v3.10.2 - by Prestashop

 

When I configure it I do this

 

in Step 1 - * Choose Website Payments Standard

 

and in Step 3, I supply all my API details

 

Is this OK or will I need an SSL certificate.