Like many companies this morning, PayPal is scrambling to update its security protocols in light of a new security vulnerability called POODLE, which Google’s security team revealed last night.
In a blog post, PayPal CTO James Barrese wrote:
“So far, we’ve determined that we must disable SSL 3.0 support as soon as we reasonably can. Unfortunately, this necessary step may cause compatibility problems for a few of our customers resulting in the inability to pay with PayPal on some merchant sites or other processing issues that we are still identifying. However, we can’t stress enough that this short-term inconvenience is heavily outweighed by the PayPal brand promise of keeping our customers and their money safe. For us, it’s that simple.”
POODLE exploits a vulnerability in Secure Sockets Layer (SSL) 3.0, a common Internet browser security protocol. While many e-commerce sites have already upgraded to Transport Layer Security (TLS), many still support SSL 3.0, including PayPal.
Google’s security team reported that the best way to safeguard against a POODLE attack would be to disable support for SSL 3.0. As PayPal and others adjust security settings, we’ll likely see more reports that websites and certain web functions are temporarily out of sorts.