Académique Documents
Professionnel Documents
Culture Documents
PayPal is:
Increase in sales for Percentage of consumers who would small to mid-sized Number of PayPal businesses that added have abandoned their accounts worldwide purchase if PayPal PayPal Express payments were not Checkout* available**
***Source:PayPal study of of small to mid-sized Source: PayPal survey small- and mediumbusinesses, November sized businesses, 2006 2007
PayPal Growth
141M accounts 31% yoy volume growth 190 countries 70+ currencies 1000s of merchants add PayPal every year
PayPal
helps you grow your business
Institutions
Customers Issuing Bank provides customers credit card information and verification Merchants Acquiring Bank provides internet merchant account Processor authorizes credit card transactions and settles funds for merchants
Services
Payment Processing Service connects merchants, customers, and banks through secure online transactions. Gateway the secure pipe between the banks and the processor
Authorization Process
Payment Processing Service
3 2
Merchant
6 4 5
Customers issuing bank
8
Customer
Processor
1. Customer decides to make an online purchase and inputs credit card information 2. 3. 4. 5. 6. 7. 8. Merchants website receives customer information and sends it to a payment processing service Payment processing service routes information to processor Processor routes information to bank that issued customers credit card (issuing bank) Issuing bank sends authorization (or declination) to processor Processor routes transaction results to payment processing service Payment processing service sends results to merchant Merchant decides to accept or reject purchase
6
Settlement Process
Payment Processing Service
2 7 3
Merchant
4 5
Processor
6
Customer 1. 2. 3. 4. 5. 6. 7.
Merchant informs the payment processing service to settle transactions Payment processing service sends transaction information to the processor Processor checks the information and forwards settled transaction information to the issuing bank Issuing bank transfers funds to the processor Processor routes funds to the acquiring bank Acquiring bank credits merchants bank account Issuing bank includes merchants charge on customers credit card account
7
Merchant
Processor Customer
Vulnerabilities abound
Authentication is a challenge Hackers can break into a merchants network Hackers can also steal customer identities Multiple access points for break-ins
leading to losses
An estimated $2.8B USD was lost to online fraud in the U.S. and Canada in 2005 The rate of credit card fraud for online sales is three to four times higher than the overall fraud rate
Chargebacks
A cardholder disputes a credit card purchase
Identity theft
Using stolen information to open new credit cards
Cash theft
Issuing unauthorized credits or payments
10
Transaction Level Ensure each transaction you accept and process is valid, and be careful in reviewing suspicious transactions because some may be valid. Account Level Make sure only authorized users have access to your payment gateway account, and be alert for suspicious account access patterns. Network Level Ensure your perimeter is defended against unauthorized access.
11
Your Disclosure Policy Tells Customers that You Are Honest and Dependable
1 Business Description Explains what the company does 2 Privacy Policy Describes how the company treats and protects
customers information
12
Compliance with PCI Data Security Standards Must Be Followed Control Objective
Build and Maintain a Secure Network
Requirement
1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes 12. Maintain a policy that addresses information security
Maintain a Vulnerability Management Program Implement Strong Access Control Measures Regularly Monitor and Test Networks Maintain an Information Security Policy
PayPal Shopping Cart Software
13
PayPal Offers the Payment Solution that Meets Your Business Need PayPal Products
Express Checkout**
Payflow Gateway
Scenario #1
Accept online credit card payments with minimal effort
Scenario #2
Build an all-in-one solution for accepting web, phone, fax and mail payments
Scenario #3
Accept PayPal, keep current payment processor
Scenario #4
Provide a secure connection from your online store to your merchant account
14
Product
Scenario
Express Checkout
Accept PayPal, keep current merchant account
Payflow Gateway
Establish a secure connection between online store and merchant account, and keep merchant account
X
PayPal or merchants website
PayPal
PayPal or merchants website
Where customers PayPal checkout Virtual Terminal included? Business credit approval needed?
X X
X X
X
15
Whats Next ?
The information contained in this document represents the current view of Neowave Sdn Bhd on the issues discussed as of the date of publication. Because Neowave must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Neowave, and Neowave cannot guarantee the accuracy of any information presented after the date of publication.
This overview is for informational purposes only. Neowave MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Use it at your own risk.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Neowave Sdn Bhd.
Neowave may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Neowave, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Neowave and webShaper are either registered trademarks or trademarks of Neowave Sdn Bhd in Malaysia and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.