Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

nlct

PayPal Standard Module encrypted payments no longer supported

Recommended Posts

I have the PayPal Payments Standard module installed with Encrypted Website Payments enabled. My public certificate expiry date was yesterday, so the day before I created a new private key and public certificate pair, but when I tried to upload the new public certificate to my PayPal account (Account Settings -> Website payments -> Encrypted Payment Settings) the "Update" link lead to a 404 page not found response. I raised an issue about this with PayPal but their technical support replied:

Quote

I apologize for any inconvenience, but this functionality is not longer available. If your shopping cart or site provider requires this, you may need to contact them to inquire about other options.

I'm concerned that simply switching off encryption is insecure (the customer's private details may be intercepted by an eavesdropper or a customer may fraudulently alter the payment totals to reduce the price). What other options are available?

 

Regards

Nicola

Share this post


Link to post
Share on other sites

Update: the PayPal merchant support has confirmed that PayPal Payments Standard is still available but the encrypted payments option is no longer available. The link in the Encrypted Payments setting in the PayPal business account is still producing a 404 response (both on the live and sandbox site).

I've tried a test transaction with the sandbox. With encryption switched off in the PayPal configuration setting in osCommerce, the payment details are successfully (but insecurely) transmitted to PayPal. With the encryption setting on, the user (on clicking on the continue button at the checkout) is directed to the sandbox PayPal page with the title "JupyterHub" and the page content:

 

 

Quote

 

404 : Not Found

Jupyter has lots of moons, but this is not one...

 

With the live site, I get the more informative response "The certificate has expired. Please use a valid certificate." Which naturally I can't do, since it's not possible to upload the new certificate.

If anyone has PayPal Standard Module with the encryption setting on, does it still work for you? I'm guessing that it may continue to work until the current certificate expires.

Share this post


Link to post
Share on other sites

I have never used the Encripted website payments section of PayPal. Security on the main setup is sufficient IMO


Live shop Phoenix 1.0.8.4 on PHP 7.4 Working my way up the versions.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×