Study Guide
Table Of Contents
- PayPal Certified Developer Program Study Guide
- Contents
- List of Tables
- Online Payment Processing
- Internet Security and Fraud Prevention
- Why Every Business Should Be Concerned About Internet Fraud
- Liability for Internet Fraud
- Internet Fraud: What It Is and How It Happens
- Who Is at Risk for Online Fraud
- Reducing Exposure to Fraud
- What Banks and Card Associations Are Doing to Prevent Online Credit Card Fraud
- What PayPal Is Doing to Protect Your Business Against Fraud
- Disclosure and Compliance
- PayPal Fraud Protection Services
- Review Questions
- Getting Started With Account Setup
- API Credentials
- Name-Value Pair (NVP) API
- Express Checkout
- Direct Payment API
- Transactions
- Sandbox Testing
- Answers to Review Questions
- General Reference Information
- Glossary
- Index
Internet Security and Fraud Prevention
What Banks and Card Associations Are Doing to Prevent Online Credit Card Fraud
2
28 March 2008 PayPal Certified Developer Program Study Guide
automatically and continuously review only the suspicious orders, before you process them,
allowing time to make an informed decision.
Account Level
Make sure that only authorized users have access to your payment gateway account, and be
alert for suspicious account access patterns.
Lock down administrative access. With PayPal Fraud Protection Services, you can limit
access to high-risk administrative transactions, such as issuing credits. You should also change
your account password on a regular basis.
Monitor account level activity for suspicious patterns. Watch your account for signs of
unauthorized access, which could indicate merchant account takeover. Account Monitoring
from PayPal offers affordable, customized, live account monitoring staffed by experienced
fraud professionals. The service can help you catch account takeover before it does any
damage, whether the takeover is due to a hacker or fraudulent employee usage of your service.
Network Level
Ensure your network or “perimeter” is defended against unauthorized access.
Lock down network access. With PayPal Manager, you can ensure that only IP addresses
you select have access to your network.
Update all patches on servers and operating systems. Invest in regularly scheduled
security audits or port scans to identify network vulnerabilities. PayPal Fraud Protection
Services offers a free network scan from Qualys, included with every Basic or Advanced
PayPal Fraud Protection Service.
Monitor firewall activity. Enterprise e-commerce companies should also monitor their
network’s perimeter security on a 24-hour basis.
What Banks and Card Associations Are Doing to Prevent Online
Credit Card Fraud
Consumers shop online for convenience and speed, but historical authentication requirements
have often proved to be cumbersome, time-consuming, and ineffective.
New buyer authentication programs, such as MasterCard® SecureCode, and Verified by
Visa®, provide more streamlined and customer-friendly authentication through passwords.
These programs enable you to gain liability protection by prompting consumers to provide a
password with their card issuers at checkout, similar to providing a PIN number for ATM
transactions. Transactions in which consumers authenticate themselves to issuers effectively
shift liability from the merchant to the issuer. Merchants are not held liable for fraudulent
transactions processed using buyer authentication.
PayPal’s suite of Fraud Protection Services makes it easy for you to take advantage of this
powerful system. (Check with your internet merchant account provider directly to determine if