PayPal warned merchants that its fix for a new security vulnerability may cause problems for shoppers trying to Pay for items on their websites.
PayPal’s Chief Technology Officer James Barrese took to the company’s blog to address a new vulnerability called POODLE. “The vulnerability impacts a protocol called SSL 3.0, which was designed to ensure secure connections when surfing on the Internet. When exploited, this vulnerability enables a cyber criminal to gain access to connections considered secure via this widespread (but 15-year-old) security protocol.”
As a result, PayPal will disable SSL 3.0 support in the coming days, “as soon as we reasonably can.”
That action could cause compatibility problems for a “few” PayPal customers, he warned, “resulting in the inability to pay with PayPal on some merchant sites or other processing issues that we are still identifying.”
Barrese said PayPal had no evidence that any of its customers had been compromised by the vulnerability. “We pledge to stay transparent and let you know if we discover anything else,” he said, and said the company would keep customers and merchants up to date through the PayPal Forward blog, Twitter, and Merchant Services team.
He referred customers to a Google blog post to learn more about POODLE.