Magento Paypal payments may break after June 17th

Paypal announced they will activate a new security policy on June 17th. Shops that use old SSL software will not be able to process Paypal payments after June 17th.

Update: the policy has been postponed to October 1st, 2016

1 out of 5 incompatible

As of June 15th, there are 194.000 global Magento shops that use SSL. About 20% have old, incompatible SSL certificates. Scan by Magereport.

paypal incompatible shops

Md5 and sha1 are absolutely outdated technologies, which are rightfully outlawed by Paypal.

Interestingly, there are also 61.000 shops who do not use SSL at all.

Who is not affected?

You are probably safe if your shop uses a major Payment Service Provider (such as Adyen), in which case your shop does not talk directly with Paypal.

How to fix?

Blatant self promotion :) Move your shop to a competent Magento hosting company who resolves these things so you don’t have to worry about it.

If you are stuck with a regular hosting company (or manage it yourself), see the excellent instructions by Anna Volkl.

I am the creator of MageReport and have been tracking payment skimmers since 2015. My company Sanguine Security provides security solutions for online stores. If you need a solid cleanup & root cause analysis, do get in touch.