PayPal Policy Change June 2017
New PayPal Policy Requires Secure Websites
Reports of data breaches and hacking of websites and email accounts have become routine recently. As more personal and financial data moves online, Internet retailers and service providers are making cyber-security a top priority.
As of June 30, 2017, websites using PayPal will be required to install an SSL certificate. PayPal is making this change to ensure that all information sent from your website is securely transmitted.
SSL (Secure Socket Layer) is software that adds security to your website by encrypting information. An SSL certificate is installed by your hosting company, sometimes at an annual fee and sometimes at no charge.
If your website already has an SSL certificate installed, you will see a lock icon to the left of the web address in your web browser, and your website address will start with “https” instead of “http”. The lock lets your customers know that they can enter credit card numbers and other information securely into your website forms.
Let Your Web Developer Handle the Technical Issues
My advice to small business owners is always to learn to update your website yourself. You should be able to perform routine tasks, such as changing prices or adding text and pictures without the help of a web developer.
However, some technical issues are best left to an expert, and this is one of them. While installing an SSL certificate on your website is not rocket science, it can be intimidating to a non-technical user. Your web developer is already familiar with SSL certificates and will be able to make the necessary changes more quickly and easily than someone who is inexperienced with website security.
Change Internal Links
After the SSL certificate is installed, you or your developer will need to check all internal links to be sure “http” has changed to “https” everywhere in the site. You can use this tool to check your site and display a list of pages with links that need to be updated.
You will also need to add a special link (called a canonical link) to the code at the top of each page in your site, which tells search engines that using “https” is the best way to get to your site.
TIP: If you have a WordPress website, you can install a plug-in to quickly check all internal links and add the canonical link all at once.
Download the plug-in here: https://wordpress.org/plugins/really-simple-ssl/
Submit a New Sitemap
A sitemap is a “map” of your website that is submitted to search engines to make sure all the pages in your site are properly indexed, so that they can appear in search engine lists. Typically, your web developer will do this for you.
If your developer has already created and submitted a sitemap of your website to Google, Bing and Yahoo, they’ll need to submit a new one after the SSL certificate is installed, since your website address has now changed to “https.”
Change Your PayPal IPN (Instant Payment Notification)
After your SSL certificate is installed and you website address has officially changed to “https,” you’ll need to check your PayPal settings to be sure PayPal is using the new address. Here’s how:
- Log into your PayPal account and open your Business Profile.
- Select Profile and Settings, then click My Selling Tools on the left.
- Look on the list for Instant Payment Notifications (IPN) and click the update link.
- If IPN is not enabled, click the Enable button, and then click Edit settings.
- Type your new URL (web address) in the Notification URL. Make sure it begins with https://
- Be sure Receive IPN messages (Enabled) is selected.
- Click the Save
You can find more detailed (and somewhat technical) information about the change in PayPal’s policy here: https://www.paypal.com/au/webapps/mpp/ipn-verification-https
If you don’t have a web developer and you need help with this or other technical issues related to your website, Pioneer Training provides these services to clients in western Mass. (www.ptraining.com)