0

We have the ability to use a Payflow Pro account to handle credit card transactions in our software, and one of our customers sent us an email that was sent to them from PayPal and I am just trying to figure out if this affects Payflow Pro accounts as I do not see any information relating to a certificate in our code. The code appears to be a post to their web service. I have performed a test with posting to their Pilot URL, but I am not sure that would be sufficient and want to make sure that we are covered when the official switch occurs. The code base is VB6 utilizing WinHttpRequest to perform the post in most cases, and there is also a smaller percentage that would post utilizing the Pay Flow Pro Com Control dll. Can anyone confirm whether or not Payflow Pro will be affected or provide any additional suggestions for testing purposes?

In keeping with industry standards set by the Certification Authority/Browser (CA/B) Forum, PayPal will discontinue supporting 1024-bit key length certificates and will migrate to 2048-bit certificates before the end of 2013. We have completed the installation of 2048-bit certificates for all API endpoints in our PayPal Sandbox and Payflow Pilot environments, and we will be doing the same for our production environments starting on August 5, 2013. A complete upgrade schedule is available here. We strongly encourage merchants to thoroughly test any existing integration(s) in the PayPal Sandbox and/or Payflow Pilot environments to ensure this migration will not cause any unforeseen issues.

Dave M
  • 1
  • 1
  • It's related to SSL certificates, I don't know enough about payflow to say what exactly could be affected, but if your software does any SSL connections directly to Paypal, that's where to look. – Joachim Isaksson Jul 29 '13 at 17:47

1 Answers1

0

If you're using any recent technology to send information to Payflow Pro, I'd say you have nothing to worry about. Especially if you've used their test environment. They are upgrading their SSL certificate when you post the information to Payflow Pro. There are technologies and SSL implementations in the wild that would not support this switch.

If you want to know for sure, edit your question with the technologies you're using to send the information to Payflow Pro.

Steven V
  • 16,357
  • 3
  • 63
  • 76
  • Hello Steven, I updated my post with the details of how the communication was being handled, and I would think that because our application is using a windows tool (used on an XP system for testing) to perform the communication and it is confirmed working in our test environment that there is little chance that our application would be affected. Does that sound correct? – Dave M Jul 30 '13 at 18:16
  • @user2631222 I'll be honest, I'm not familiar with WinHttpRequest and the VB6 world. I would imagine you should be okay since it would use the operating system's capabilities. You may want to edit your question and retag it with [vb6] and/or [winhttprequest] to have someone more knowledgeable answer your specific concerns. – Steven V Jul 30 '13 at 18:52