Payflow Link Fraud Protection Services User’s Guide

For Professional Use Only. Currently only available in English.
Document Number: 200004.en_US-200906

© 2009 PayPal, Inc. All rights reserved. PayPal is a registered trademark of PayPal, Inc. The PayPal logo is a trademark of PayPal, Inc. Other trademarks and brands are the property of their respective owners. The information in this document belongs to PayPal, Inc. It may not be used, reproduced or disclosed without the written approval of PayPal, Inc.

Copyright © PayPal. All rights reserved. PayPal (Europe) S.à r.l.
Contents

Preface
This Document
Organization of This Document
Customer Support
Related Information
Chapter 1 Introduction

Generating Buyer Authentication Reports
Special Considerations
Merchants with an Instant Fulfillment Business Model
Merchants using the Recurring Billing Service
Protection From System-wide Threats—The Premium Services
Account Monitoring Service

Determining Whether Your Payflow Account is Currently Active
Activating Your Payflow Account
Chapter 9 Managing Payflow Link
Management Tasks Available in PayPal Manager
Generating Reports

About PayPal’s Transaction Database
Collecting Customer Transaction Data, Option 1
Using the Payflow Link Order Form
Collecting Customer Transaction Data, Option 2
Collecting Data on Your Web Page and Posting to the Payflow Link Server
Optional Transaction Data

Card Security Code Failure Filter
BIN Risk List Match Filter
Account Number Velocity Filter
High-risk Address Filters
ZIP Risk List Match Filter
Preface

This Document

Payflow Link Fraud Protection Services User’s Guide is intended for merchants who subscribe to PayPal Fraud Protection Services and who will integrate Payflow Link with their ecommerce Web site. The documentation first describes a simple implementation that “gets you up and running” quickly. More complex solutions are described in later chapters.

Organization of This Document

This guide is organized as follows:

• Chapter 1, “Introduction,” contains an overview of Payflow Link.
• Appendix A, “Transaction Responses,” provides reference material on the transaction response information in reports.
• Appendix B, “Submitting Transaction Data to the Payflow Link Server,” provides guidance for those who wish to develop more complex interactions between their Web page and Payflow Link.
• Appendix C, “About the Confirmation Email Messages,” describes the content of the optional confirmation email.
Related Information

PayPal Manager online help describes the use of PayPal Manager—the Web-based administration tool that you use to process transactions manually, issue credits, generate reports, and configure Payflow Link.
1 Introduction

Payflow Link is the fast and easy way to add transaction processing to your Web site. With Payflow Link, your customers are linked to Order forms on PayPal’s secure Web server where transactions are processed in real time. With Payflow Link’s simple “cut and paste” integration, you can be up and running with a completely automated payment solution in a matter of hours.

You can:

• Customize the look and feel of your secure Order forms to match the other pages on your Web site.
What is Payflow Link?

Payflow Link is a secure, PayPal-hosted, HTTP-based Internet payment solution. It allows you (a merchant with an internet merchant account) to securely connect your customers to PayPal’s secure server and use it to automate order acceptance, authorization, processing, and transaction management.
How Payflow Link Works

You insert a short bit of HTML text into your Web page. The code creates a Buy button on your Web page that links your customers to PayPal’s secure Payflow Link pages. When your customers click the Buy button at your Web store, they are redirected to a sequence of secure Payflow Link Order processing forms hosted on the PayPal servers. All forms except the Receipt form are optional.
How it works

The following steps describe how PayPal Express Checkout works with Payflow Link:

1. After selecting products to purchase, your buyers select PayPal Express Checkout as the method of payment. (Express Checkout gives you the flexibility to put PayPal either first in your checkout process, or on your billing page along with other payment options.)
2.
Form 2: Order

The Order form enables the customer to enter any additional order data on Payflow Link’s secure servers. You have the option to eliminate this page and pass the transaction data directly to the Payflow Link server. In this example, the merchant added their logo to the form. To improve the customer experience and to foster trust, PayPal strongly recommends that you add your logo to the pages and customize the color scheme to match your Web store pages.
the credit card. The issuing bank verifies the password and securely transmits the success message to Payflow Link. The transaction then continues in the normal manner.

The Buyer Authentication form appears only if:

• You use PayPal’s Buyer Authentication service and
• The cardholder is enrolled with the issuer’s 3-D Secure program.

Because the card-issuing banks present this page, its appearance varies.
• Filter Scorecard. View the number of times that each filter was triggered and the percentage of all transactions that triggered each filter during a specified time period.
• Buyer Authentication Transaction. View both authentication results and the associated payment authorizations.
• Buyer Authentication Audit. View authentication results. In addition, you can use this report to troubleshoot the Buyer Authentication service.
• Internet Merchant Account. You must have an internet merchant account before you can begin accepting payments at your Web site. PayPal has partnered with several internet merchant account providers to make applying easy.
• Your Web page must calculate the total transaction amount. Payflow Link enables your customers to process a single transaction amount.
Supported Credit Cards

Payflow Link supports the following credit cards:

• American Express/Optima
• Diners Club
• Discover/Novus
• JCB
• MasterCard
• Visa

Supported Processing Platforms

Payflow Link supports the following processing platforms:

• American Express Phoenix
• American Express APA
• First Data Merchant Services (FDMS) Nashville
• First Data Merchant Services (FDMS) North
• First Data Merchant Services (FDMS) South
• First
2 How Fraud Protection Services Protect You

This chapter describes the security tools that make up the Fraud Protection Services.

In This Chapter

• “The Threats”
• “Protection Against the Threats—Fraud Filters”
• “Buyer Authentication Service”
• “Special Considerations”
• “Protection From System-wide Threats—The Premium Services”

The Threats

There are two major types of fraud—hacking and credit card fraud.
Protection Against the Threats—Fraud Filters

Configurable filters screen each transaction for evidence of potentially fraudulent activity. When a filter identifies a suspicious transaction, the transaction is marked for review. Fraud Protection Services offers two levels of filters: Basic and Advanced. The filters are described in Appendix E, “Fraud Filter Reference.
Buyer Authentication Service is a separately-purchased option and operates with the Buyer Authentication Failure filter. To enroll for the Buyer Authentication Service, click the Buyer Authentication banner on the PayPal Manager Home page. Follow the on-screen instructions. (In particular, both your processor and your acquiring bank must support buyer authentication.
Merchants using the Recurring Billing Service

To avoid charging you to filter recurring transactions that you know are reliable, Fraud Protection Services filters do not screen recurring transactions. To screen a prospective recurring billing customer, submit the transaction data using PayPal Manager. The filters screen the transaction in the normal manner.
3 Configuring Payflow Link

IMPORTANT: If you currently use Payflow Link and recently added a Fraud Protection Services package, then you do not need to reconfigure Payflow Link and can safely skip this chapter. The AVS and card security code security functions will now be performed by filters. Follow the instructions in Chapter 4, “Configuring the Fraud Protection Services Filters.”

If you subscribe to PayPal’s Buyer Authentication Service, then you must display the Confirmation page to customers.
Configuring Payflow Link Settings

TABLE 3.1 PayPal Manager Payflow Link Confirmation Page

Field | Description
Return URL | Enter the URL of the Web site to which customers should be sent upon clicking Continue on the Receipt page. This URL is typically your merchant site. If you do not specify a URL, then the Continue button does not appear on the Receipt page.
Silent POST URL | Ensure that the transaction data is passed back to your Web site when a transaction is completed.
TABLE 3.1 PayPal Manager Payflow Link Confirmation Page

Field | Description
Email from Merchant Address | Enter the email address to which successful transaction confirmation emails should be sent.
Email to Merchant Address (copy) | If desired, enter a second email address to which successful transaction confirmation emails should be sent.
4 Configuring the Fraud Protection Services Filters

This chapter describes how to configure the Fraud Filters for your account. The chapter explains a phased approach to implementing the security of transactions. You are not required to use the approach described in this chapter. However, it enables you to fine-tune your use of filters before you actually deploy them in a live environment. You first make and fine-tune filter settings in a test environment.
Phase 1: Run Test Transactions Against Filter Settings on Test Transaction Security Servers

In this phase of implementation, you configure filter settings for test servers that do not affect the normal flow of live transactions. You then run test transactions against the filters and review the results offline to determine whether the integration was successful.
Phase 2: Run Live Transactions on Live Transaction Servers in Observe Mode

In this phase, you configure filters on live servers to the settings that you had fine-tuned on the test servers. In Observe mode, filters examine each live transaction and mark the transaction with the filter results.
Phase 3: Run All Transactions Through the Live Transaction Security Servers Using Active Mode

Once you have configured all filters to optimum settings, you convert to Active mode. Filters on the live servers examine each live transaction and take the specified action.

6. Click Move Test Filter Settings to Live.
5 Integrating Your Web Site with Payflow Link (Basic Integration)

IMPORTANT: If you currently use Payflow Link and have added a Fraud Protection Services package, then you must change the Payflow Link URL in your HTML code. Use: https://payflowlink.paypal.com

The examples in this chapter use the Fraud Protection Services URL.

This chapter provides full instructions for a simple integration option that enables you to begin to process transactions using Payflow Link in about an hour.
Example of a Simple Integration
6 Integrating Your Web Site with Payflow Link (Advanced Integration)

IMPORTANT: If you currently use Payflow Link and added a Fraud Protection Services package, then you must change the Payflow Link URL in your HTML code. Use: https://payflowlink.paypal.com

The examples in this chapter use the Fraud Protection Services URL.

If you have HTML knowledge or Web development skills, you can create more customized Payflow Link integrations by starting with the code described in this chapter.
Example of a Custom Integration
7 Testing Payflow Link

Testing Credit Card Transactions

NOTE: Test Transactions are processed through PayPal’s simulated payment network to enable you to test Payflow Link—no money changes hands. You must activate your account and set Transaction Process Mode to LIVE before accepting real orders. Refer to PayPal Manager online help for information on activating your account.

Performing Test Transactions

To perform test transactions, perform the purchase process from your Web site as described here.
Testing RESULT Code Responses

You can use the amount of the transaction to generate a particular RESULT code.

NOTE: “RESULT Values for Transaction Declines or Errors” on page 50 describes each transaction RESULT code.

NOTE: For all processors except FDI: Credit (C) and Force (F) transactions will always be approved regardless of dollar amount or card number.

Table 7.2 lists the general guidelines for specifying amounts.

TABLE 7.
Alternative Methods for Generating Specific Result Codes

TABLE 7.
TABLE 7.4 Obtaining PayPal result code

Result | Definition | How to test using Payflow Link
25 | Transaction type not mapped to this host | Submit a transaction for a card or tender you are not currently set up to accept, for example, a Diners card if you aren’t set up to accept Diners.
101 | Time-out value too small | Set timeout value to 1.
103 | Error reading response from host | Use an AMOUNT of 1103.
If STREET starts with 667-999, or begins with a non-numeric character, as anything above 999 will revert to a 3-character check. So if a merchant puts in 1111 and thinks that they will get an X because it is “higher” than 667, then they will actually get a Y because the pilot AVS only checks the first three digits.

TABLE 7.
For testing, the first three characters of the submitted card security code value determine the card security code result, as shown in Table 7.7.

TABLE 7.
Testing the Buyer Authentication Service

TABLE 7.8 Test account numbers for obtaining particular results

Test Case | Test Account Number | Test Results | Resulting Activity
2 | 5100000000000008, 5200000000000007, 4000000000000002, 400000000000010 | Card enrolled; Failed authentication; Successful signature verification | ACS page displayed, enter any password, buyer authentication fails.
8 Activating Payflow Link

Once you have established your internet merchant account with a merchant bank, configured the Payflow Link forms, linked your Web store page to Payflow Link, and tested your Web site’s integration with Payflow Link, you are ready to activate your account to submit live financial transactions.
Activating Your Payflow Account

Step 2: Configure transactions to go to the live Payflow Link servers.

In this step, you set the Transaction Process status to LIVE.

1. Log in to PayPal Manager at https://manager.paypal.com.
2. Navigate to Service Settings > Payflow Link > Configuration. In the Form Configuration section on the Configuration page, change Transaction Process Mode from Test to Live. Click Save Changes.
9 Managing Payflow Link

This chapter describes how to use PayPal Manager to manage your Payflow Link account settings and transaction activity as well as to generate a variety of transaction reports. This chapter also describes the reports that you use to monitor your Payflow Link account.

NOTE: Before proceeding, learn how to get around in PayPal Manager. Refer to PayPal Manager’s online help for information on using any page or field. To view online help, click the Help link.
10 Assessing Transactions that Triggered Filters

As part of the task of minimizing the risk of fraud, you review each transaction that triggered a filter. You decide, based on the transaction’s risk profile, whether to accept or reject the transaction. This chapter describes how to review transactions that triggered filters, and provides guidance on deciding on risk.
Reviewing Suspicious Transactions

FIGURE 10.1 Fraud Transactions Report page

2. Specify the date range of the transactions to review.
3. Specify a Transaction Type:

TABLE 10.1 Transaction types

Transaction Type | Description
Reject | Transactions that the filters rejected. These transactions cannot be settled. The type of filter that took this action is called a Reject filter.
Review | Transactions that the filters set aside for your review.
NOTE: If filters are deployed in Observe mode, then all transactions have been submitted for processing and are ready to settle. Transactions are marked with the action that the filter would have taken had the filters been deployed in Active mode.

The following information appears in the report:

TABLE 10.2 Transactions Report field descriptions

Heading | Description
Report Type | The type of report created.
The Fraud Details page appears, as discussed in the next section.

Acting on Transactions that Triggered Filters

The Fraud Details page displays the data submitted for a single transaction. The data is organized to help you to assess the risk types and to take action (accept, reject, or continue in the review state).

The following notes describe data in the Fraud Details page shown in the figure.

1.
Fine-tuning Filter Settings—Using the Filter Scorecard

The Filter Scorecard displays the number of times that each filter was triggered and the percentage of all transactions that triggered each filter during a specified time period. This information is especially helpful in fine-tuning your risk assessment workflow.
Ensuring Meaningful Data on the Filter Scorecard

The Scorecard shows the total number of triggered transactions for the time period that you specify, so if you had changed a filter setting during that period, the Scorecard result for the filter might reflect transactions that triggered the filter at several different settings.
11 Integrating TeleCheck Transactions

In addition to accepting credit cards, your Web site can accept TeleCheck electronic checks using Payflow Link. This chapter describes how to implement TeleCheck payments.

NOTE: Be sure to read Appendix B, “Submitting Transaction Data to the Payflow Link Server,” for information on more advanced implementations.
Enabling Customers to Specify the Payment Method

If your Web site is structured to accept both checks and credit cards, then, by default, your customers will see the Select Payment Type page to enable them to specify the method of payment.

FIGURE 11.
TABLE 11.1 Transaction data required if ORDERFORM=False (Continued)

Field Name | Description | Max Length
MICR | MICR number of the check. The string appears at the bottom of the check. | 31
NAME | Billing name. | 60
PARTNER | The name of your Partner was provided to you by your PayPal Reseller. |
PHONE | Billing phone. | 20
STATE | Billing state. | 20
STATEOFDL | Driver’s license state (two-letter abbreviation).
Testing TeleCheck Transactions

Use the following test data to test TeleCheck transactions:

TABLE 11.3 Test TeleCheck transaction data

Bank (MICR) Number | Check No.
A Transaction Responses

When a transaction is completed, PayPal returns transaction response information. PayPal Manager displays transaction responses on the following pages:

• Perform Transaction Results page, returned whenever you complete a transaction using the Perform Transaction tab.
• Report pages
• Transaction Detail page, which you can access using the search utilities or by clicking the Transaction ID on most report pages

For details on these pages, refer to PayPal Manager online help.
RESULT Codes and RESPMSG Values

RESULT Values for Transaction Declines or Errors

For non-zero Results, the response string includes a RESPMSG name/value pair. The exact wording of the RESPMSG (shown in bold) may vary. Sometimes a colon appears after the initial RESPMSG followed by more detailed information.

TABLE A.1 Payflow transaction RESULT values and RESPMSG text

RESULT | RESPMSG and Explanation
0 | Approved
1 | User authentication failed.
TABLE A.1 Payflow transaction RESULT values and RESPMSG text (Continued)

RESULT | RESPMSG and Explanation
13 | Referral. Transaction cannot be approved electronically but can be approved with a verbal authorization. Contact your merchant bank to obtain an authorization and submit a manual Voice Authorization transaction.
14 | Invalid Client Certification ID. Check the HTTP header.
TABLE A.1 Payflow transaction RESULT values and RESPMSG text (Continued)

RESULT | RESPMSG and Explanation
50 | Insufficient funds available in account
51 | Exceeds per transaction limit
99 | General error. See RESPMSG.
100 | Transaction type not supported by host
101 | Time-out value too small
102 | Processor not available
103 | Error reading response from host
104 | Timeout waiting for processor response. Try your transaction again.
TABLE A.1 Payflow transaction RESULT values and RESPMSG text (Continued)

RESULT | RESPMSG and Explanation
117 | Failed merchant rule check. One or more of the following three failures occurred: An attempt was made to submit a transaction that failed to meet the security settings specified on the PayPal Manager Security Settings page. If the transaction exceeded the Maximum Amount security setting, then no values are returned for AVS or CSC.
TABLE A.1 Payflow transaction RESULT values and RESPMSG text (Continued)

RESULT | RESPMSG and Explanation
402 | PIM Adapter Unavailable
403 | PIM Adapter stream error
404 | PIM Adapter Timeout
600 | Cybercash Batch Error
601 | Cybercash Query Error
1000 | Generic host error. This is a generic message returned by your credit card processor. The RESPMSG will contain more information describing the error.
AVS Result Codes

IMPORTANT: The AVS result is for advice only. Banks do not decline transactions based on the AVS result—you make the decision to approve or decline each transaction. You must manually check the results of each manual transaction to view its AVS result and to act on it appropriately. AVS does not operate for manual transactions.
AVS Results

Any one of the following results can appear in the AVS Street Match and AVS ZIP Match fields on the Transaction Detail page:

TABLE A.4 AVS Result Codes

Result | Meaning
Y | Information submitted matches information on file with cardholder's bank.
N | Information submitted does not match information on file with the cardholder's bank.
X | Cardholder's bank does not support AVS checking for this information.
Card Security Code Result Codes

FIGURE A.1 Credit card security code locations

Card Security Code Results

If you submit the transaction request parameter for card security code (that is, the CVV2 parameter), the cardholder’s bank returns a Yes/No/ response in the CVV2MATCH response parameter, as per the table below.

TABLE A.5 CVV2MATCH response values

CVV2MATCH Value | Description
Y | The submitted value matches the data on file for the card.
Processors and Credit Cards Supporting Card Security Code

PayPal supports card security code validation as listed in the table below.

TABLE A.
Card-Not-Present Environment

In a card-not-present environment, American Express recommends that you include the following information in your authorization message:

• Card member billing name
• Shipping information (SHIPTO* parameters) such as:
  – Address
  – Name
  – Shipping method
• Customer information such as:
  – Email address
  – IP address
  – Host name
  – Browser type
• Order information (such as product SKU)

Card-Present Environment

In a ca
B Submitting Transaction Data to the Payflow Link Server

This chapter is intended for merchants with intermediate or advanced HTML knowledge or Web development skills. It describes the options you have for sending transaction data to the Payflow Link server. This chapter also describes the transaction parameters that you can send to the Payflow Link server and the data that you can choose to have returned to your Web site when a transaction is complete.
Collecting Customer Transaction Data, Option 1

Using the Payflow Link Order Form

You can use the Payflow Link Order form to collect transaction data from the customer. This default configuration is described in Chapter 5, “Integrating Your Web Site with Payflow Link (Basic Integration).” This configuration minimizes the data that you must collect at your site and pass to PayPal.
FIGURE B.1 Order form with values

Data That You Must Pass if You Use Payflow Link’s Order Form

In “Example of a Simple Integration” on page 23, we discussed the minimum data set required by Payflow Link if you use Payflow Link’s Order form to collect transaction information from the customer. Table B.1 lists the minimum data set.
TABLE B.1 Transaction data required for all Payflow Link transactions

Field Name | Description | Max Length
LOGIN | The login name that you chose while enrolling for your Payflow account. |
PARTNER | The name of your Partner was provided to you by your Reseller. |
AMOUNT | The total amount of the transaction. Decimal number with two decimal places. Amount must be greater than 1.00.
Data That You Must Post if You Do Not Use Payflow Link’s Order Form

If you turn off Payflow Link’s Order form by setting ORDERFORM=False, the customer must enter all transaction data at your Web site. Because the Order form does not collect the transaction data, you must Post the data listed in Table B.2 to the Payflow Link server.
TABLE B.2 Transaction data required if ORDERFORM=False (Continued)

Field Name | Description | Max Length
ZIP | Billing ZIP (postal) code. | 10

Optional Transaction Data

For any transaction, you can pass the optional parameters listed in Table B.3 to the Payflow Link server. You can also return any of these values to your Web server using the Return Post or Silent Post method.
TABLE B.3 Optional parameters (Continued)

Field Name | Description | Max Length
CUSTID | This string type parameter is intended to temporarily store data that you specify (for example, a number or text name that you use to identify the customer). This parameter enables you to return the value to your Web server by using the Post or Silent Post feature. Note: CUSTID is not stored in PayPal’s transaction database.
TABLE B.3 Optional parameters (Continued)

Field Name | Description | Max Length
PONUM | Purchase Order number. This alphanumeric string value cannot include spaces. | 25
SHIPAMOUNT | The cost of shipping. Decimal number with two decimal places. |
STATE | Billing state. | 20
STATETOSHIP | Shipping state. | 20
TAX | The amount of tax on a transaction.
Returning Data to Your Web Site

RESULT=0&AUTHCODE=010101&RESPMSG=Approved&AVSDATA=YNY&PNREF=V63F28770576&HOSTCODE=&INVOICE=3452345&AMOUNT=117.03&TAX=&METHOD=CC&TYPE=S&DESCRIPTION=1+felt+hat%2C+Model+FC&CUSTID=NT1000&NAME=Nancy+Thompson&ADDRESS=1428+Elm+Street&CITY=Springwood&STATE=CA&ZIP=66666&COUNTRY=USA&PHONE=121-3254253&FAX=&EMAIL=nthompson@buyalot.
Silent Post

The Silent Post feature returns data using the HTML Post method whenever a transaction succeeds. The data is sent at the same time that the Receipt page is displayed. To ensure that transactions proceed only if your script actually receives the data returned by the Silent Post, you must also select the Force Silent Post Confirmation feature.
Data Returned by the Post and Silent Post Features

Values Returned When ECHODATA is False

The values described in Table B.4 are generated by PayPal (or the cardholder’s issuing bank) to provide status information for the transaction. All values are also stored in the PayPal database.

TABLE B.
Values Returned When ECHODATA is True

When ECHODATA=True, all values returned for ECHODATA=False are returned, plus all transaction data that was submitted for the transaction. Here is a list of all possible values returned when ECHODATA=True. These parameters are described in the sections on submitting transactions.
Parameters That Specify Payflow Link Operation

You can use the optional parameters listed in Table B.5 to specify Payflow Link operation.

TABLE B.5 Parameters used to configure Payflow Link

Field Name | Description | Valid Entries
ECHODATA | Controls the amount of data returned to your Web site when Payflow Link is configured to return data to your Web site using the Post or Silent Post feature. |
C About the Confirmation Email Messages

You have the option of sending order confirmation email messages to the customer, to yourself, or to both. The messages resemble the examples in this appendix.

Example Customer Email Message

FIGURE C.
Example Merchant Email Message

FIGURE C.2 Example merchant email message

Fields Returned in the Confirmation Email Message

NOTE: The confirmation email messages return only those values that were submitted with the transaction. The customer email message includes the header and footer text that you specified on the PayPal Manager Payflow Link Confirmation page.
Transaction Information: INVOICE, SHIPAMOUNT, TAX, AMOUNT, CUSTID

Billing Information: NAME, ADDRESS, CITY, STATE, ZIP, PHONE, FAX, EMAIL

Shipping Information: NAMETOSHIP, ADDRESSTOSHIP, CITYTOSHIP, ZIPTOSHIP, COUNTRYCODE, PHONETOSHIP, FAXTOSHIP, EMAILTOSHIP

Additional Information: DESCRIPTION
D Payflow Link Transaction Types

Payflow Link supports the following transaction types:

TABLE D.1 Transaction types

Type Code | Transaction Name
S | Sale / Payment: Charges the specified amount against the account, and marks the transaction for immediate funds transfer (capture) during the next settlement period. PayPal performs settlement on a daily basis.
A | Authorization: A request to charge a cardholder.
E Fraud Filter Reference

This appendix describes the filters that make up part of the Fraud Protection Services. Filters analyze transactions and act on those that show evidence of potential fraudulent activity. Filters can set such transactions aside for your review or reject them outright, depending on settings that you specify. Filters are grouped to help you to assess the risk types and to take action (accept, reject, or continue in the review state).
• “IP Address Velocity Filter”

Filters Included with the Advanced Fraud Protection Services Option

All Basic filters plus:

• “To enforce the minimum Visa regulations, set the filter to Medium strength with an action of Reject. This setting rejects N responses, however, so there is no liability benefit.
Filters Applied After Processing

Most filters are applied to the transaction request before forwarding the request to the processor. The following filters are applied to the transaction results that the processor returns:

Unusual Order Filters

Unusual Order Filters identify transactions that exceed the normal size for your business.
Shipping/Billing Mismatch Filter

What does the filter do?

This filter screens for differences between the shipping information and the billing information (street, state, ZIP code, and country). The specified action is taken whenever the shipping information differs from the billing information.

Data Normalization

The Shipping/Billing Mismatch filter is tolerant of minor address inaccuracies that result from typographical or spelling errors.
How does the filter protect me?

Some products are attractive to fraudsters (especially popular products with high resale value like computers or televisions). The Product Watch List filter gives you the opportunity to review transactions involving such products to ensure that the order is legitimate.
Processors that Support AVS

The AVS services listed in the table below are supported.

TABLE E.
Once you deploy the filters to Live mode (either Observe or Active), the AVS and card security code checks that you may have previously set on the Payflow Link Configuration page are replaced by the AVS and card security code filter settings. In Observe mode, no action is taken on AVS and card security code. Once you are confident of your filter settings, deploy to Active mode to have the filters take action.
The card security code check compares the number provided by the customer with the number on file with the issuer and returns one of the following responses:

TABLE E.4 Card security code responses

Result | Meaning
Y | The submitted information matches information on file with the account holder's bank.
N | The submitted information does not match information on file with the account holder's bank.
X | Account holder's bank does not support this service.
BIN Risk List Match Filter

What does the filter do?

The Bank Identification Number (BIN) makes up the first six digits of a credit card number. The BIN identifies the bank that issued the card. This filter screens every credit card number for BINs on the high-risk list. The specified action is taken whenever a BIN matches one on the list.
High-risk Address Filters

High-risk Address Filters identify transactions associated with high-risk geographical locations or poorly-matched transaction data.

ZIP Risk List Match Filter

What does the filter do?

This filter compares the Ship To and Bill To ZIP codes (US only) against the high-risk list. High-risk ZIP codes are determined based on analysis of millions of e-commerce transactions.
USPS Address Validation Failure Filter

What does the filter do?

This filter screens the Ship To and Bill To addresses (street number, street name, state, and ZIP code) against the United States Postal Service database of existing addresses. The USPS updates the database continually. The specified action is taken whenever the address cannot be validated (it does not exist or is incorrect in some way).
Email Service Provider Risk List Match Filter

What does the filter do?

This filter compares the e-mail service provider used by the customer against a list of high-risk e-mail service providers.

NOTE: Fraudsters most often use free services at which they do not need to provide traceable billing information. (Free services are also popular among legitimate shoppers—because they are free.
How does the filter protect me?

Comparing the geographical location associated with the IP address to the submitted shipping and billing information can be an effective method for identifying identity spoofing. Fraudsters often pretend to live in one location but live and shop from another. All three elements should match one realistic customer profile.
High-risk Customer Filters

Bad Lists

What does the filter do?

This filter compares the customer’s e-mail address and credit card number against lists (that you create) of addresses and numbers for known bad customers.

NOTE: Unlike the Risk lists, which PayPal manages, the Bad Lists are managed and updated solely by you. Any transaction that is an exact match with an entry in one of your bad lists triggers the filter.
Certain countries, however, are much riskier than others. These countries have a high likelihood of fraud, and you should evaluate transactions from these countries closely.

International Shipping/Billing Address Filter

What does the filter do?

This filter screens the customer’s shipping and billing information for non-U.S. addresses. The filter checks for country code 840, or any derivation of “United States” (U.S.
International AVS Filter

What does the filter do?

International Address Verification Service (IAVS) determines whether the issuer is domestic (US) or international.

TABLE E.5 AVS filter results

Result | Meaning
Y | The card number is associated with an international issuer.
N | The card number is associated with a US issuer.
X | Account holder's bank does not support IAVS.
(Null) | In some cases banks return no value at all.
Accept Filters

Accept Filters immediately approve transactions that meet characteristics that you specify. If a filter in this group is triggered, then the transaction is accepted regardless of Review filter results.

IMPORTANT: The Accept filters are designed to reduce the load on your staff by reducing the number of transactions set aside for review. The Accept filters do not reduce risk.
How does the filter protect me?

Merchants with an especially high transaction volume can use this filter to reduce the number of transactions that their staff must review—transactions below the specified price level are accepted without further analysis.

Custom Filters

You create Custom filters by combining up to five existing filters.
F Frequently Asked Questions

Using Payflow Link with other Applications

Can I use Payflow Link with my existing shopping cart?
If your existing shopping cart is pre-integrated with Payflow Link, follow the instructions for integrating and configuring your cart for Payflow Link. Otherwise, integrating will require extensive programming.

Will I be able to use Payflow Link with my current merchant account?
Currently Payflow Link is available for Internet merchant accounts processing through FDMS Nashville.
Using Payflow Link

Does Payflow Link allow me to customize the display of my order form?
Yes. The General Display Options of Payflow Link enable you to customize the appearance of the order form that customers use to fill in their personal information.

When my customers are declined, can I program the button on the decline page to bring them back to my Web site?
Currently, it returns them to the order page.
I'm using Silent Post to retrieve transaction information. I'm also using the AVS security options in Manager. If the AVS information doesn't match, then Payflow Link voids the transaction. However, my Silent Post script only receives notification of the sale. I don't get a second silent post for the void. How will I know which transactions are voided?
You can tell by the RESPMSG. Your script needs to check this variable.
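The RESPMSG check from this answer, applied to a Silent Post body, as an added Python example that is not code from this guide or from PayPal. The sample bodies, the EXAMPLE-NOT-APPROVED message, the ORDERS table and the function names are constructed for illustration; the handler treats only RESULT=0 with RESPMSG=Approved (the values in the guide's returned-data example) as approved, and it also checks INVOICE and AMOUNT against the merchant's own order record.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed sample body, modelled on the returned-data example in the guide.
SAMPLE_APPROVED = (
    "RESULT=0&AUTHCODE=010101&RESPMSG=Approved&AVSDATA=YNY&PNREF=V63F28770576"
    "&INVOICE=3452345&AMOUNT=117.03&TYPE=S"
    "&DESCRIPTION=1+felt+hat%2C+Model+FC&CUSTID=NT1000")
# Constructed placeholder message; not a documented Payflow Link value.
SAMPLE_NOT_APPROVED = SAMPLE_APPROVED.replace(
    "RESPMSG=Approved", "RESPMSG=EXAMPLE-NOT-APPROVED")
# Hypothetical merchant order store: INVOICE -> amount the merchant expects.
ORDERS = {"3452345": Decimal("117.03")}

def parse_post(body):
    """Decode a form-encoded body; reject repeated field names."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    repeated = sorted(k for k, v in fields.items() if len(v) > 1)
    if repeated:
        raise ValueError("repeated fields: " + ", ".join(repeated))
    return {k: v[0] for k, v in fields.items()}

def fulfilment_decision(body, orders=ORDERS):
    """Return (ok, reason); ok is True only for an approved, matching sale."""
    try:
        post = parse_post(body)
    except ValueError as exc:
        return False, "malformed post: %s" % exc
    if post.get("RESULT") != "0":
        return False, "RESULT is not 0"
    if post.get("RESPMSG") != "Approved":
        # Per the FAQ answer, a voided sale is told apart by RESPMSG.
        return False, "RESPMSG is %r, hold the order" % post.get("RESPMSG")
    expected = orders.get(post.get("INVOICE", ""))
    if expected is None:
        return False, "unknown INVOICE"
    try:
        matches = Decimal(post.get("AMOUNT", "")) == expected
    except InvalidOperation:
        return False, "AMOUNT is not a number"
    if not matches:
        return False, "AMOUNT differs from the order"
    return True, "approved"

if __name__ == "__main__":
    for sample in (SAMPLE_APPROVED, SAMPLE_NOT_APPROVED):
        print(fulfilment_decision(sample))
```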