Welcome to Curious Business

Every Friday, I post a small insight into running Curio City and/or Blue Hills Editorial Services. My most recent posts are directly below. You can also start with the first post, or use the subject labels to the right to home in on particular topics. Feel free to comment on anything that interests you.
Add to Technorati Favorites

Friday, March 25, 2016

PayPal Is Still Trying to Kill Me

PayPal is threatening to cut me off again -- Not for the first time, or even the second time. I think their issue is the same as it was last May. 

We recently announced several security upgrades planned for this year, some of which may require you to make changes to your integration. You’re receiving this email because we’ve identified areas of your integration that may need to be upgraded.
What you’re about to read is very technical in nature – we understand that. Please contact the parties responsible for your PayPal integration, or your third party vendor (for example, shopping cart provider, and so on) to review this email.

They helpfully included a table showing action items flagged "Yes" if you need to make a change or "No" if you don't. Mine looked like this:

·         SSL Certificate Upgrade to SHA-256: YES
·         TLS 1.2 and HTTP/1.1 Upgrade: YES
·         IPN Verification Postback to HTTPS: NO
·         IP Address Update for PayPal Secure FTP Servers: NO
·         Merchant API Certificate Credential Upgrade: NO
·         Discontinue Use of GET Method for Classic NVP/SOAP APIs: NO

The two items flagged as deficient are something I understand in a general, non-technical way, because they're the same thing that they panicked me over last May. I double-checked with my web host anyway; MDD Hosting verified that their server and my SSL certificate both meet PayPal's encryption standards. I wonder if they reversed their YES/NO flags -- what if "NO" means "No, you aren't compliant" instead of "No, you don't need to do anything"? I hope that isn't so because I don't understand those last four items at all, beyond knowing that they are shopping-cart specific (and hence Turnkey's problem).

Since the email didn't include any way to respond, I logged into my PayPal business page and used their Help contact form to ask for clarity. After a few hours I received an automated reply with some boilerplate that didn't come anywhere near my question, but it did say " If the following information doesn't answer all of your questions, please reply to this email and one of our customer service representatives will be happy to assist you. ". I hit Reply, pasted in the same question, and sent it off again. 

No response at all. So much for clarity. 

In case you've forgotten, PayPal is my credit card processor. If it breaks I won't be able to accept any payments at all. I choose to assume that their email is right -- that the first two items are the ones that supposedly need attention, and that I already addressed these so-called problems last summer. Either my website is going to break or it isn't, and I won't know for sure until June. 


As long as I'm hating on PayPal...I got my first chargeback this week. A customer reported an unauthorized charge to her credit card company instead of asking me about it. The USPS showed her package as undeliverable and being returned to sender. Refunding her money is annoying, but as long as I get my merchandise back I'm only out the transaction fee ($0.90) and the shipping charge ($2.60). But because she initiated a chargeback instead, PayPal skinned me an additional $20. Should I have disputed the chargeback rather than accepting liability? Other banks have charged me as much as $25 at each stage of the dispute process, and then invariably decided against me anyway, so I decided to cut my loss rather than risk more penalties. I couldn't refund the money without accepting liability so there was probably no avoiding that $20 penalty. 

Based on the item that she bought (Glovin' It), the "unauthorized charge" was probably made by a child (assuming it was really unauthorized in the first place). A real thief would have spent more than $20...although the undeliverable address is suspicious. Maybe it was a real child thief.


The annual Cavalcade of Crap is coming up again next weekend. Pretty sure I'm not going to bother attending since (a) I'm already $4,600 in debt, and (b) jury duty is going to pull me away from work for at least one day next week, and potentially longer. Maybe I'll change my mind at the last minute and slog through that sad little trade show yet again, but that debt is going to be with me well into the summer. It's kind of pointless if I can't buy anything.

No comments:

Post a Comment

What do you think? Leave a comment.

Google Search