Frequently Asked Questions

PCI refers to the Payment Card Industry Security Standards Council. The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The security of cardholder data affects everybody.

The breach or theft of cardholder data affects the entire payment card ecosystem. Customers suddenly lose trust in merchants or financial institutions, and their credit can be negatively affected -- there is enormous personal fallout. Merchants and financial institutions lose credibility (and in turn, business); they are also subject to numerous financial liabilities.

 

June 30th, 2018.

30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.

As a leader in payments, PayPal continually invests in technology to protect our customers’ information. Security and safety are our top priorities, and we are in the process of implementing a series of security upgrades throughout 2016 - 2018. These upgrades ensure our security measures continue to be a model for best practice and incorporate industry standards, including those set by the Payment Card Industry (PCI) Security Standards Council.

PayPal is saying in notices to customers (notice 1 example and notice 2 example) that April 30th is the timeline. In PayPal's testing schedule and information guides, they also reference the June 30th cut-off by the PCI Standards Council. To be safe, it would be best to take action immediately to prevent any disruption in credit card processing.

The upgrades will affect any systems that communicate and process credit cards with payment gateways such as PayPal Payflow. This means all ERP platforms, eCommerce systems, recurring billing systems, and CRM systems will be affected.

PayPal has extended the timelines in the past because the PCI council extended them. The last time the deadlines were extended, they were set with the expectation that they would not be extended again. PayPal has been taking all the steps this time around so as to meet their deadlines. Organizations processing credit cards through PayPal should plan to have their systems in full compliance and tested before the deadline.

If you do nothing by June 30th, 2018, it is probable you will no longer be able to process credit cards at that time.

During one of the scheduled tests at 8am PT on April 17th, 2018, customers accessing the payflowpro.paypal.com endpoint on one ERP system had their systems abruptly stop working. A screenshot of those errors can be seen below. 

MARTEC360, an industry leader in the marketing and technology solutions and services space, developed the solution and process behind PayflowPayments.com in order to solve the problem for a cluster of customers they work with. These organizations all run Everest Software, an ERP platform.

While working on the solution it became clear this challenge had far-reaching implications not just limited to the Everest community.

The following versions of Everest are all affected by this change. Version 7 may also be affected; however, Payflow Payments and MARTEC360 have not yet tested it.

Everest version 3.x
Everest version 4.x
Everest version 5.x
Everest version 6.x

In short, you will not be able to process credit cards.

On April 17th, at 8am PT / 11am ET, PayPal ran a test as part of their technical testing windows. Within minutes, multiple customers had reached out to MARTEC360 for support on why their credit cards were not working. During this same test, MARTEC360 populated the payment settings into the File > Setup > Accounting > Processors details window for our beta environment. While the live server was failing with the error "Denied:Failed to connect to host Input Server Uri=https://payflowpro.paypal.com", our server was providing "approvals".

If you would like to test it on your own ahead of time, follow the steps below.

1. File > Setup > Accounting > Processors
2. Select your processor for payflowpro
3. Temporarily change the processor from "payflowpro.paypal.com" to "pilot-payflowpro.paypal.com".
4. Process a test transaction with a credit card connected to the processor

The result will be a URI error. You will not be able to process credit cards without the PayflowPayments.com solution. 

Make sure to change your processor back to "payflowpro.paypal.com" after this test so that you can keep processing credit cards in the meantime.
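A complementary check that needs no test transaction is to look at the first TLS record the application server sends toward the processor host and read the highest protocol version it offers. The Python below is an added example, not part of the original FAQ or of the PayflowPayments.com solution; it assumes you have exported that record as raw bytes from a packet capture, and the function names and sample records are constructed for illustration.

```python
import struct

def max_offered_version(record: bytes) -> int:
    """Highest protocol version a client offers in its first handshake record."""
    try:
        # Very old stacks send an SSLv2-framed hello: length with the high bit
        # set, message type 1, then the highest version they support.
        if record[0] & 0x80 and record[2] == 0x01:
            return struct.unpack_from(">H", record, 3)[0]
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a ClientHello")
        hs_len = int.from_bytes(record[6:9], "big")
        if len(record) < 9 + hs_len:
            raise ValueError("ClientHello is truncated or spans several records")
        body = record[9:9 + hs_len]
        best = struct.unpack_from(">H", body, 0)[0]        # legacy client_version
        pos = 2 + 32                                       # skip version + random
        pos += 1 + body[pos]                               # session_id
        pos += 2 + struct.unpack_from(">H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression_methods
        if pos + 2 > len(body):
            return best                                    # no extensions block
        end = pos + 2 + struct.unpack_from(">H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from(">HH", body, pos)
            pos += 4
            if ext_type == 0x002B:                         # supported_versions
                offered = [struct.unpack_from(">H", body, pos + 1 + i)[0]
                           for i in range(0, body[pos], 2)]
                # Ignore GREASE placeholders (0x?A?A) that modern clients add.
                best = max(v for v in offered if (v & 0x0F0F) != 0x0A0A)
            pos += ext_len
        return best
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc

def tls12_ready(record: bytes) -> bool:
    """True when the client offers TLS 1.2 (0x0303) or newer."""
    return max_offered_version(record) >= 0x0303

def sample_hello(version_hex: str) -> bytes:
    """Constructed minimal ClientHello (two cipher suites, no extensions)."""
    return (bytes.fromhex("160301002f0100002b" + version_hex) + bytes(32)
            + bytes.fromhex("000004002f00350100"))

if __name__ == "__main__":
    for v in ("0301", "0303"):
        print(v, "offers TLS 1.2+:", tls12_ready(sample_hello(v)))
```

A client whose hello tops out at 0x0301 (TLS 1.0) or 0x0302 (TLS 1.1) cannot complete a handshake with an endpoint that requires TLS 1.2, regardless of which host name the processor entry points to.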

The team here at Payflow Payments by MARTEC360 will send you a questionnaire to better understand your environment. Based on that, we may provide recommendations on changes to your hardware. We will then get connected and correct problems with cryptography ciphers before updating your payment processors to use our gateway / solution.

Once we receive the questionnaire the process takes 1-2 business days.

The solution for Everest has a setup fee associated with each application server. The first application server has a $2500 setup fee. The remaining application servers will be charged at a reduced rate per server.

Because the solution operates as a service, there is also a yearly subscription fee of $1200. This subscription is per "Everest company" processing credit cards.

NOW! Why risk your business and wait any longer than you have to? By getting your spot confirmed in the implementation queue you can guarantee yourself a seamless transition into secure TLS1.2 processing.

While working on the solution it became clear this challenge had far-reaching implications not just limited to the Everest community. 

To be more specific, it was identified that the challenges were going to exist for other ERP software providers like Sage along with eCommerce platforms (OSCommerce), recurring billing systems, and management platforms. If you have a system that is not mentioned but is affected by the PayPal TLS1.2 update, please reach out on the contact us page and tell us more about your situation.

Depending on the solution or technology, some security updates and patches may need to be applied to your technology stack. Additionally, the processor host path will need to be updated to a path provided by the PayflowPayments.com team that can help with the communication to the PayPal gateway.

The team at PayflowPayments.com has identified Everest Software ERP, Sage ERP, and OSCommerce right out of the gates. The solution should be able to work for any system that talks to PayPal Payflow Pro or Payflow Link.

If you have found that your systems will be affected and your solution is not on the list, please connect with us so we can evaluate your solution needs and determine if PayflowPayments.com can help you with a solution. 

For Everest Software customers, we have found that the implementation can take 1-2 business days along with updating the host entries for the processor. Each system is a little different; some may take more or less time depending on testing time etc.

For any systems other than Everest Software, please contact us for specific pricing.

We strive for a 99.99% uptime which is why we are powered by a fully redundant AWS solution. In the event that support is necessary, ongoing support is included for all customers of PayflowPayments.com through our online ticketing system.

Through our online support ticketing system. Login credentials are established upon your go-live with PayflowPayments.com.

Please contact us if your system(s) are not addressed on the site and you believe you will be affected by the TLS1.2 upgrade.