Study Guide
Internet Security and Fraud Prevention
Review Questions
40 March 2008 PayPal Certified Developer Program Study Guide
8. The left column in the table lists the PCI data security standards. The right column contains a list of requirements. Indicate which requirements meet each standard. (Note: Each standard has one or more requirements.)

| Response | Standards | Requirements |
|----------|-----------|--------------|
| | Build and Maintain a Secure Network | 1. Restrict physical access to cardholder data. |
| | Protect Cardholder Data | 2. Regularly test security systems and processes. |
| | Maintain a Vulnerability Management Program | 3. Develop and maintain secure systems and applications. |
| | Implement Strong-Access Control Measures | 4. Encrypt transmission of cardholder data and sensitive information across public networks. |
| | Regularly Monitor and Test Networks | 5. Protect stored data. |
| | Maintain an Information Security Policy | 6. Assign a unique ID to each person with computer access. |
| | | 7. Use and regularly update antivirus software. |
| | | 8. Do not use vendor-supplied defaults for system passwords and other security parameters. |
| | | 9. Track and monitor all access to network resources and cardholder data. |
| | | 10. Maintain a policy that addresses information security. |
| | | 11. Install and maintain a firewall configuration to protect data. |
| | | 12. Restrict access to data by business need-to-know. |

9. Define the following standard antifraud features included with each PayPal Payflow Gateway solution.
– Card security code
_____________________________________________________________________
_____________________________________________________________________
– Address verification system (AVS)
_____________________________________________________________________
_____________________________________________________________________