PayPal Certified Developer Program Study Guide, March 2008
Internet Security and Fraud Prevention
Disclosure and Compliance
In addition to adhering to the PCI Data Security Standard, compliance validation is required
for Level 1, Level 2, and Level 3 merchants, and may be required for Level 4 merchants.
NOTE: Level 4 merchants must comply with the PCI Data Security Standard. However,
compliance validation for merchants in this category is determined by the merchant’s
acquirer.
Additional Resources About Disclosure and Compliance
There are other online resources that can help you in developing your own disclosure policy
and meeting PCI compliance requirements. They include:
- The Privacy Planner from BBBOnLine helps you create a simple, solid, online privacy
  policy for your e-commerce business: http://www.privacyplanner.com.
- The Direct Marketing Association (DMA) offers a small business-friendly online privacy
  policy generator: http://www.the-dma.org/privacy/privacypolicygenerator.shtml.
- The Federal Trade Commission offers valuable information on preventing identity theft at
  http://www.consumer.gov/idtheft/. Also be sure to visit the central FTC site at
  http://www.ftc.gov/ for additional information and advice.
- Both the Visa and MasterCard websites have extensive information about meeting PCI
  Payment Data Security Standards: http://www.visa.com and http://www.mastercard.com.
TABLE 2.3 Merchant Levels for PCI Compliance

| Level | Description |
|---|---|
| Level 4 | Any merchant processing fewer than 20,000 e-commerce transactions per year, and all other merchants processing up to 6,000,000 credit card transactions per year. |

TABLE 2.4 PCI Compliance Validation Requirements

| Level | Validation Action | Validated By |
|---|---|---|
| Level 1 | Annual Onsite PCI Data Security Assessment | Qualified Data Security Company or Internal Audit if signed by Officer of the company |
| | and Quarterly Network Scan | Qualified Independent Scan Vendor |
| Level 2 and 3 | Annual PCI Self-Assessment Questionnaire | Merchant |
| | and Quarterly Network Scan | Qualified Independent Scan Vendor |
| Level 4 | Annual PCI Self-Assessment Questionnaire | Merchant |
| | and Quarterly Network Scan | Qualified Independent Scan Vendor |