Internet Security and Fraud Prevention
Liability for Internet Fraud
2
24 March 2008 PayPal Certified Developer Program Study Guide
trade publication, estimates the rate of credit card fraud to be 18 cents to 24 cents per $100 
USD of online sales – three to four times higher than the overall fraud rate.
The threat of online fraud is so pervasive that the U.S. government now mandates security 
requirements for businesses that handle financial information online. Today these regulations 
apply mainly to the banking community, but as an internet merchant you access the financial 
networks for each transaction made on your site. As a result, security at the point of sale is 
becoming an increasing concern for both credit card associations and the government.
Credit card associations, for their part, hold merchants liable for fraudulent transactions 
because the credit card isn’t physically present during online purchases. So merchants must 
take additional steps against online fraud. Credit card associations can impose stiff penalties 
for fraud – expenses on top of stolen goods and related shipping costs.
Moreover, American Express, Diners Club, Discover Card, JCB, MasterCard International and 
Visa U.S.A. have adopted the Payment Card Industry (PCI) Data Security Standard developed 
to protect account and transaction information of cardholders. The PCI standard requires 
merchants to adhere to a set of information security requirements or risk substantial fines. 
Security must therefore be a key concern.
Liability for Internet Fraud
In the offline world, you can take steps to safeguard your transactions by getting a signature 
and authorization, thereby shifting the liability of the transaction to the card issuer. In the 
online world, the liability for a fraudulent transaction always rests squarely with the merchant. 
Online transactions are considered card-not-present transactions and are inherently riskier. The 
financial consequences for a merchant who processes a fraudulent online transaction can be 
significant:
- Inventory loss and shipping costs for physical goods that are fraudulently purchased and 
  then delivered
- Chargeback penalties assessed by the acquiring bank of $15-$30 USD per fraudulent 
  transaction
According to Gartner Group estimates, merchants reject an estimated 5% of all transactions 
out of suspicion of fraud, while only 2% of transactions are actually fraudulent. The result is a 
significant amount of lost sales (up to 3% of sales volume) in an attempt to reduce fraud risk.
In addition to losing product and paying chargeback penalties, your business also faces costs 
due to fraud:
- Higher discount rates assessed as a result of processing fraudulent payments
- Labor cost for the merchant to investigate and resolve the chargeback
- Five- to six-figure card association fines or cancellation of a merchant’s account when card 
  fraud rates are consistently high
Implementing better tools and raising awareness can help you reduce lost revenue by turning 
away fewer legitimate customers who seem suspicious. You can also resolve chargebacks 