PayPal sent an email to its customers on Friday notifying them of changes it will soon implement. Beginning September 1st, it will no longer make available two of its reports it had previously made available to merchants. And in October, it will begin using Certificates issued from DigiCert Global Root G2 Chain and offered advise that confused recipients of the email.
On Reddit, one user asked for someone to explain what PayPal meant regarding the certificates in a thread titled, “Please explain this like I’m five.” After posting the information from the email, they asked, “What action, if any, do I need to take?”
People had also questioned a similar notification PayPal made in April, such as a thread on the PayPal community discussion boards titled, “Do we have to buy DigiCert to be able to use paypal?”
We searched PayPal’s help files for the term: “DigiCert Global Root G2 Chain” without success. Some people replying on discussion board threads indicated that old computers and devices might have problems but probably not the majority of merchants with online stores on platforms like Shopify, which would likely take care of the issue on behalf of merchants. (See the latest Letter to the Editor to find out what happened when a seller asked a PayPal customer service rep what it meant.)
Digicert explains Digital Certificates on its website. The fulltext of the PayPal email follows below:
Updates to your PayPal Account
Hi (Redacted),
We want to make you aware of recent changes that are relevant for your PayPal account. Your updates are summarized below.
Legal & Pricing Updates
We are discontinuing the Subscriptions Agreement Report (SAR) and IPL – Inventory profit and loss reports for all merchants. After August 31, 2024, merchants will no longer be able to subscribe to or request these reports from their accounts.
Following DigiCert’s direction PayPal will start using Certificates issued from DigiCert Global Root G2 Chain. We are requesting you to add DigiCert Global Root G2 to truststores that are used to connect to with PayPal. PayPal will begin to use certificates with the Root G2 Chain from October 2024. More information and required steps can be found below:
DigiCert root and intermediate CA certificate updates 2023
Our ongoing focus is to help your business thrive. For additional resources, check out the links below.
Thanks for being a valued customer,
The PayPal Team
As platforms such as Bigcommerce and Shopify typically manage site certificates for smaller merchants who do not own their own certificates, doubt this will be an issue for anyone not hosting their own eCommerce site.
Anyone selling items on site’s such as Bonanza, eBay, Etsy, Mercari, and Poshmark will also be unaffected because venues such as these own the shopping carts, manage payment processing, and own site certificates.
On the other hand, if the operating system on your computer is older than Windows 7, or you are using a Linux distribution that is older than 2014, you might have an issue because outdated operating systems no longer receive security updates.
If your Internet browser is current and you are receiving updates for it, you will likely experience no issues resulting from an expired root certificate.
The following site page explains it all in plain English.
https://scottiestech.info/2024/04/30/why-paypal-is-telling-you-about-the-digicert-global-root-g2-chain/
I was the one who wrote the letter to the editor referenced in this article. I opened a BBB complaint at that time, and finally received a response from PayPal. The agent who responded also denied the e-mail in question came from them. They said it was sent by an “online criminal.” I guess that last part is actually true!