Study Guide
Table Of Contents
- PayPal Certified Developer Program Study Guide
- Contents
- List of Tables
- Online Payment Processing
- Internet Security and Fraud Prevention
- Why Every Business Should Be Concerned About Internet Fraud
- Liability for Internet Fraud
- Internet Fraud: What It Is and How It Happens
- Who Is at Risk for Online Fraud
- Reducing Exposure to Fraud
- What Banks and Card Associations Are Doing to Prevent Online Credit Card Fraud
- What PayPal Is Doing to Protect Your Business Against Fraud
- Disclosure and Compliance
- PayPal Fraud Protection Services
- Review Questions
- Getting Started With Account Setup
- API Credentials
- Name-Value Pair (NVP) API
- Express Checkout
- Direct Payment API
- Transactions
- Sandbox Testing
- Answers to Review Questions
- General Reference Information
- Glossary
- Index
PayPal Certified Developer Program Study Guide March 2008 149
Answers to Review Questions
Chapter 2
A
8. The left column in the table lists the PCI data security standards. The right column contains
a list of requirements. Indicate which requirements meet each standard. (Note: Each
standard has one or more requirements.)
9. Define the following standard antifraud features included with each PayPal Payflow
Gateway solution.
– Card security code. A three- or four-digit number printed on the physical card, which a
customer provides to you at checkout.
– Address verification system (AVS). A system that verifies the credit card holder’s
personal address and billing information.
10.Indicate if each statement is True (T) or False (F).
T PayPal’s Basic Fraud Protection Service is the ideal solution for merchants who
process low transaction volumes through a Payflow payment gateway, while the
Advanced Fraud Protection Service is essential for businesses processing medium-
to-high transaction volumes.
T Both the Basic Fraud Protection Service and the Advanced Fraud Protection Service
catch common fraud warnings like high dollar amounts, high quantities, and
shipping/billing address mismatch.
T To support automatic rejection lists and automatic acceptance lists, you need to
upgrade to PayPal’s Advanced Fraud Protection Service.
F Correct answer: The PayPal Account Monitoring service is an upgrade option that
provides full-time protection to keep an eye on suspicious activity related to credits
and refunds.
Response Standards Requirements
8, 11 Build and Maintain a Secure Network 1. Restrict physical access to cardholder data.
2. Regularly test security systems and processes.
3. Develop and maintain secure systems and
applications.
4. Encrypt transmission of cardholder data and
sensitive information across public networks.
5. Protect stored data.
6. Assign a unique ID to each person with computer
access.
7. Use and regularly update antivirus software.
8. Do not use vendor-supplied defaults for system
passwords and other security parameters.
9. Track and monitor all access to network resources
and cardholder data.
10. Maintain a policy that addresses information
security.
11. Install and maintain a firewall configuration to
protect data.
12. Restrict access to data by business need-to-know.
4, 5 Protect Cardholder Data
3, 7 Maintain a Vulnerability
Management Program
1, 6, 12 Implement Strong-Access Control
Measures
2, 9 Regularly Monitor and Test Networks
10 Maintain an Information Security
Policy