Are you one of the millions of businesses that use PayPal to accept payments online? If so, a recent security vulnerability may cause you some difficulties in processing those transactions.
Called "POODLE," the vulnerability affects Secure Socket Layer (SSL) 3.0, an 18-year-old Internet security protocol that creates secure connections while users browse the Web.
Although SSL 3.0 is an antiquated security measure — most companies now use the more secure Transport Layers Security (TLS) — many websites and most browsers still use it as a "fallback" or second layer of protection. Cybercriminals, on the other hand, can use POODLE to access and exploit SSL 3.0 secure connections. [10 Security Solutions for Small Business]
To address the POODLE vulnerability, PayPal announced that it will disable and remove SSL 3.0 from the PayPal website. This is in accordance with Google's own move and recommendation to stop using and completely get rid of the protocol.
PayPal warns, however, that the process may affect operations for some online merchants.
"Unfortunately, this necessary step may cause compatibility problems for a few of our customers resulting in the inability to pay with PayPal on some merchant sites, or other processing issues that we are still identifying," said James Barrese, chief technology officer at PayPal.
The disruption will only be short term, and the inconvenience is outweighed by the benefits of protecting customers' financial data and keeping their money safe, Barrese added.
So far, there have been no reports or other indications that POODLE has affected any merchant or customer accounts.
"Today, we have absolutely no evidence that any of our customers have been compromised by this vulnerability," Barrese said. Businesses facing trouble or who have any concerns should reach out to PayPal immediately.
PayPal continues to investigate the issue and promises transparency regarding the vulnerability and the SSL 3.0 removal process. Stay in the loop by following PayPal on Twitter @AskPayPal or the PayPal Forward blog.
Originally published on Business News Daily