eCommerce Sécurité

vulnérabilité SSL 3.0 Secure Sockets Layer

Une action immédiate nécessaire, suite à la vulnérabilité SSL 3.0 (Secure Sockets Layer).

Plusieurs d’entre nous ont reçu ce message de PayPal :

 

Immediate action required vulnerability Secure Sockets Layer (SSL 3.0)

Dear Customer,

On Tuesday, October 14, 2014, details were released about a vulnerability to version 3 of Secure Sockets Layer (SSL 3.0). Since that time, PayPal has been hard at work to mitigate any potential impact to our consumers and merchant customers.

To help mitigate risk associated with this vulnerability, PayPal will discontinue support for SSL 3.0 on December 3, 2014 at 12:01 a.m. Pacific Standard Time. Unfortunately, this necessary step may cause compatibility problems resulting in the inability for customers to pay with PayPal on your site or other processing issues.

We wouldn’t have been able to extend our support of SSL 3.0 to December 3, 2014, at 12:01 a.m. PST if we hadn’t also been able to take significant steps to migrate the risk of this vulnerability for our customers. We want to assure our customers we have seen no evidence that the SSL 3.0 issue has led to any compromise of security at PayPal.

Keeping our customers’ accounts, data and money secure is PayPal’s top priority and a guiding principle when we make challenging decisions, like this one.

We’re here to help our merchants through this process. We’ve put together a comprehensive Merchant Response Guide to ensure systems are secure from this vulnerability.

What do I need to do?

If you don’t manage website integrations for your business, we strongly encourage you to work with your website service partner (developer, hosting company or e-commerce platform, etc.) and share the Merchant Response Guide, which provides the basic guidelines on how to update to Transport Layer Security (TLS). If your website service has questions or need support, advise them to contact our Merchant Technical Support.

Thank you for your prompt attention to move this issue and understanding of our approach. Though we recognize this necessary step may cause compatibility issues, we can’t stress enough that this short-term inconvenience is heavily outweighed by our joint promise to our respective customers that we will keep their accounts and financial details safe. We plan to keep our customers up to date on how we are addressing this issue via the appropriate channels, including PayPal Forward, our Twitter handle, Customer Service and for merchants, through our Merchant Services team.

For technical assistance, please call 855-489-0342, for quicker routing please contact from a phone number on your PayPal Account. They are available Monday thru Friday from 8:00am to 6:00pm CST.

We appreciate your patience and understanding as we work around the clock to better serve you and keep you and our consumers safe.

 

Et on se demande si nous avons quelque chose à faire pour ceci?

La réponse est oui!

Si vous utilisez un CMS avec un module comme PayPal vous devez faire la mise à jour le plus tôt possible pour assurer que vous n’êtes pas vulnérable pour cette vulnérabilité. Date limite le 3 décembre 2014.

Pour Prestashop et son module PayPal à partir d’aujourd’hui 17 novembre le module a une nouvelle version prête à télécharger ou mettre à jour sur son admin Prestashop.

Si vous n’êtes pas sur de la version de votre système ou vous avez de doutes, Que devez-vous faire?

Je vous encourage vivement à travailler avec votre partenaire de service du site Web (développeur, intégrateur, société d’hébergement ou plateforme e-commerce, etc.) et partager le Guide d’intervention Merchant, qui fournit les lignes directrices de base sur la mise à jour du système.