
Paypal Exam

Data security is fraught with nomenclature like Munging, PCI DSS and so on.

This article lists the technical payment-processing jargon and buzzwords I need for the PayPal exam, so that I can use this logo... really, you don't need to be jealous.

DSS (Data Security Standard)
  • PCI DSS is a set of requirements designed to enhance the security of credit card account data.
  • Applies to any company that stores, processes, or transmits Primary Account Numbers (PANs).
  • PCI DSS was jointly developed by five major credit card companies.
PCI (Payment Card Industry)
  • Visa, MasterCard, American Express, JCB, Discover
PA-DSS (Payment Application Data Security Standard)
  • Visa developed this after the DSS; it covers payment applications rather than merchants.
5 Steps to validating compliance
  1. PCI DSS Scoping (Which system components are governed by PCI DSS?)
  2. Sampling (Of the components in scope, do they comply with the DSS?)
  3. Compensating Controls (What alternative technologies would better secure the components?)
  4. Reporting (Compile a report and submit it to the acquiring bank or card corporation)
  5. Clarifications (Clarify the report upon request)
QSA (Qualified Security Assessor)
  • A data security firm that is certified by the PCI SSC
  • Provides on-site assessment
ASV (Approved Scanning Vendor)
  • External vulnerability scan
  • PCI SSC compliant
SAQ (Self-Assessment Questionnaire)
  • For small transaction volumes
  • Validation for merchants not required to do on-site assessments for PCI DSS compliance
  • Yes/No answers; if No, a date of compliance is expected
Merchant Levels of PCI compliance
  1. > 6m (million) transactions per year, OR has been attacked, OR identified by any card-association company (requires annual QSA and frequent ASV)
  2. 1m - 6m transactions per year (requires frequent ASV and annual SAQ)
  3. 20,000 - 1m transactions per year (requires frequent ASV and annual SAQ)
  4. All other merchants (requires frequent ASV and annual SAQ)
PCI DSS requirements (six goals, twelve requirements)
  1. Build and Maintain a Secure Network
    - Install and maintain a firewall configuration to protect cardholder data
    - Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect Cardholder Data
    - Protect stored cardholder data
    - Encrypt transmission of cardholder data across open, public networks
  3. Maintain a Vulnerability Management Program
    - Use and regularly update anti-virus software
    - Develop and maintain secure systems and applications
  4. Implement Strong Access Control Measures
    - Restrict access to cardholder data by business need-to-know
    - Assign a unique ID to each person with computer access
    - Restrict physical access to cardholder data
  5. Regularly Monitor and Test Networks
    - Track and monitor all access to network resources and cardholder data
    - Regularly test security systems and processes
  6. Maintain an Information Security Policy
    - Maintain a policy that addresses information security
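The "Protect stored cardholder data" requirement is the one a developer meets most often: PANs leak into application logs, which drags the log server into PCI DSS scope. The following is an added example (not from this page or PayPal) of the two building blocks for handling that: a Luhn check plus a regex to find PAN-like numbers in log lines, and a masking function that follows the PCI DSS requirement 3.3 display rule (at most the first six and last four digits visible). The log lines and card numbers are constructed test values.

```python
"""PAN handling for the 'Protect stored cardholder data' requirement.

Added example, not from the page.  The masking rule (show at most the first six
and last four digits) follows PCI DSS requirement 3.3; the log lines and card
numbers below are constructed test values, not real cardholder data."""
import re

# 13-19 digits, optionally separated by single spaces or hyphens, not glued to other digits
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(number: str) -> bool:
    """Luhn check: every card-brand PAN passes it, so it filters out most other
    long numbers (order ids, timestamps) in a scan.  It is not proof of a real
    PAN; roughly one random number in ten also passes."""
    digits = [int(c) for c in number if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: first six + last four, everything else replaced by '*'."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return the raw PAN-like tokens in a line that pass the Luhn check."""
    return [m.group(0) for m in PAN_CANDIDATE.finditer(text) if luhn_valid(m.group(0))]


def redact_pans(text: str) -> str:
    """Replace Luhn-valid PANs in a line with their masked form."""
    return PAN_CANDIDATE.sub(
        lambda m: mask_pan(m.group(0)) if luhn_valid(m.group(0)) else m.group(0), text)


def scan_logs(lines):
    """(line number, masked PAN) for every PAN found: a scoping aid that shows
    which logs are pulling a system into PCI DSS scope."""
    return [(n, mask_pan(p)) for n, line in enumerate(lines, 1) for p in find_pans(line)]


# Constructed application log lines.  4111111111111111 and 5555555555554444 are
# well-known Luhn-valid test numbers, not real cards.
SAMPLE_LOG = [
    "2011-08-18 10:02:11 order=1001 card=4111111111111111 amount=19.99 status=approved",
    "2011-08-18 10:02:12 order=1002 card=5555 5555 5555 4444 amount=249.00 status=declined",
    "2011-08-18 10:02:13 order=1003 ref=1234567890123 amount=5.00 status=approved",
]

if __name__ == "__main__":
    for n, masked in scan_logs(SAMPLE_LOG):
        print(f"line {n}: PAN logged in clear, masked form {masked}")
    for line in SAMPLE_LOG:
        print(redact_pans(line))
```

Run against the constructed log, the scanner flags lines 1 and 2 and leaves the 13-digit order reference on line 3 alone because it fails the Luhn check. A real deployment would put `redact_pans` in the logging pipeline rather than scanning after the fact, since the requirement is that the PAN never lands in the log in the first place.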
CyberSource Corp

Estimates of online fraud losses:

  • $3.6 billion USD in 2007
  • $3.1 billion USD in 2006
  • $2.8 billion USD in 2005
  • $2.6 billion USD in 2004
Parties in a transaction
  • Merchant: seller of goods
  • Customer: buyer of goods
  • Customer's Issuing Bank: provides the customer's credit card and verifies the card information
  • Merchant's Acquiring Bank: provides the Internet Merchant Account
  • Processor: authorizes credit card transactions and settles funds for merchants
Payment Processing Authorization
  1. Customer decides to purchase online and inputs credit card information.
  2. Merchant's website receives the customer information and sends it to the payment processing service.
  3. Processing service routes the information to the processor.
  4. Processor routes the information to the bank that issued the customer's credit card.
  5. Issuing bank sends an authorization (or declination) to the processor.
  6. Processor routes the transaction result to the payment processing service.
  7. Processing service sends the result to the merchant.
  8. Merchant decides to accept or reject the purchase. (Here, the merchant should take additional precautions to ensure the credit card is not stolen and that the customer actually owns this card.)
Fraud: types of risk
  • Product theft: using a stolen credit card to purchase goods and services
  • Chargebacks: disputed credit card purchases
  • Accessing the payment network
  • Identity theft: fraudster opens a new account in another person's name
  • Cash theft: issuing unauthorized credits or payments
Fraud: popular target areas
  • Highly visible merchants: known to handle many transactions
  • Vulnerable security systems
  • High-ticket goods: easily resold
  • Downloadable goods: easier to hide as a legitimate transaction
  • Sales season: higher volume of transactions
  • International markets
Disclosure Policy (merchant provides to customers)
  • Business Description:
    - Explains what the company does
  • Privacy Policy:
    - Describes how the business treats and protects customers' information
  • Shipping Policy:
    - Shipping classes offered and expected delivery timeframes
  • Returns Policy:
    - Clear guidelines on how returns are handled
  • Contact Information:
    - Makes it very easy for the customer to get in contact through different communication channels
Fraud Prevention
  • Chargebacks:
    - Specify a timeframe
    - Provide a tracking number for customers
    - Describe the item in as much detail as you can
    - Be upfront about price, tax, shipping costs etc.
    - Provide clear contact details and respond promptly and courteously


PDT (Payment Data Transfer)

PDT is not meant to be used with credit card or Express Checkout transactions.

When a customer pays you, PayPal sends you the transaction ID of the payment by appending it to a URL you specify in your account Profile. This information is sent via an HTTP GET as a name/value pair in the query string.

To use PDT, you must activate PDT and Auto Return in your PayPal account profile. You must also acquire a PDT identity token, which is used in all PDT communication you send to PayPal.

IPN (Instant Payment Notification)

IPN notifies you when an event occurs that affects a transaction. Typically these events represent various kinds of payments; however, they may also represent authorizations, Fraud Management Filter actions and other actions, such as refunds, disputes, and chargebacks.

IPN is a message service that PayPal uses to notify you about events.
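Both PDT and IPN hand the merchant data that arrives from an untrusted direction (the customer's browser for PDT, an inbound HTTP POST for IPN), so in each case the merchant posts back to PayPal before acting on it: for PDT by sending the transaction ID and the identity token and reading PayPal's SUCCESS/FAIL reply, for IPN by echoing the whole message back with `cmd=_notify-validate` prepended and accepting only a VERIFIED reply. The block below is an added example of the merchant side of both mechanisms, not PayPal's code or anything from this page. It assumes the PDT return parameter is named `tx`, that the post-back commands are `_notify-synch` (PDT) and `_notify-validate` (IPN), and that the two endpoint URLs are PayPal's live ones; the identity token, transaction data and order record are constructed, and a stand-in `fake_paypal_post` replaces the network call so it runs offline.

```python
"""Merchant-side handling of PayPal PDT and IPN.

Added example, not PayPal's code.  Assumptions: the PDT return parameter is
'tx', the post-back commands are '_notify-synch' (PDT) and '_notify-validate'
(IPN), and the endpoint URLs below are PayPal's live endpoints; confirm them
against PayPal's current documentation before use.
"""
from urllib.parse import parse_qsl, urlencode, urlparse, quote_plus, unquote_plus

PAYPAL_PDT_URL = "https://www.paypal.com/cgi-bin/webscr"      # assumed endpoint
PAYPAL_IPN_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"    # assumed endpoint


def handle_pdt_return(return_url, identity_token, post):
    """PDT: take 'tx' from the Auto Return URL the browser landed on, then fetch
    the transaction details from PayPal.  The browser-supplied query string is
    never trusted on its own; only PayPal's SUCCESS reply is."""
    query = dict(parse_qsl(urlparse(return_url).query))
    tx = query.get("tx")
    if not tx:
        return None
    body = urlencode({"cmd": "_notify-synch", "tx": tx, "at": identity_token})
    reply = post(PAYPAL_PDT_URL, body).strip().splitlines()
    if not reply or reply[0] != "SUCCESS":
        return None
    details = {}
    for line in reply[1:]:                 # 'key=value' lines, URL-encoded
        key, _, value = line.partition("=")
        details[unquote_plus(key)] = unquote_plus(value)
    return details


def handle_ipn(raw_body, post, receiver_email, orders, seen_txn_ids):
    """IPN: echo the raw message back to PayPal prefixed with cmd=_notify-validate
    and act only on 'VERIFIED'.  Then check that the message is for this account
    and matches the merchant's own order record, and ignore replays of a txn_id."""
    if post(PAYPAL_IPN_URL, "cmd=_notify-validate&" + raw_body).strip() != "VERIFIED":
        return ("rejected", "not verified by PayPal")
    f = dict(parse_qsl(raw_body, keep_blank_values=True))
    if f.get("receiver_email", "").lower() != receiver_email.lower():
        return ("rejected", "receiver_email mismatch")
    order = orders.get(f.get("invoice"))
    if order is None or (f.get("mc_gross"), f.get("mc_currency")) != order:
        return ("rejected", "amount/currency does not match order")
    txn_id = f.get("txn_id")
    if txn_id in seen_txn_ids:
        return ("ignored", "duplicate txn_id")
    seen_txn_ids.add(txn_id)
    if f.get("payment_status") != "Completed":
        return ("pending", f.get("payment_status"))
    return ("accepted", txn_id)


# ---- constructed stand-in for PayPal so the example runs offline ----
DEMO_TOKEN = "pdt-identity-token-constructed"
DEMO_IPN = {                     # the message PayPal "sent" to the merchant
    "txn_id": "TXN-CONSTRUCTED-1", "payment_status": "Completed",
    "receiver_email": "seller@example.com", "invoice": "1001",
    "mc_gross": "19.99", "mc_currency": "USD",
}
DEMO_PDT = {"TXN-CONSTRUCTED-1": {"payment_status": "Completed", "mc_gross": "19.99",
                                   "payer_email": "buyer@example.com"}}


def fake_paypal_post(url, body):
    """Mimics PayPal's two post-back replies for the constructed data above."""
    p = dict(parse_qsl(body, keep_blank_values=True))
    if p.get("cmd") == "_notify-synch":
        if p.get("at") != DEMO_TOKEN or p.get("tx") not in DEMO_PDT:
            return "FAIL"
        return "SUCCESS\n" + "\n".join(f"{quote_plus(k)}={quote_plus(v)}"
                                       for k, v in DEMO_PDT[p["tx"]].items())
    if p.get("cmd") == "_notify-validate":
        echoed = {k: v for k, v in p.items() if k != "cmd"}
        return "VERIFIED" if echoed == DEMO_IPN else "INVALID"   # must match what was sent
    return "INVALID"


def demo():
    orders = {"1001": ("19.99", "USD")}         # merchant's own record of the order
    seen = set()
    pdt = handle_pdt_return("https://shop.example/return?tx=TXN-CONSTRUCTED-1&st=Completed",
                            DEMO_TOKEN, fake_paypal_post)
    genuine = urlencode(DEMO_IPN)
    tampered = urlencode({**DEMO_IPN, "mc_gross": "0.01"})   # altered amount: PayPal says INVALID
    return {
        "pdt": pdt,
        "ipn_genuine": handle_ipn(genuine, fake_paypal_post, "seller@example.com", orders, seen),
        "ipn_replay": handle_ipn(genuine, fake_paypal_post, "seller@example.com", orders, seen),
        "ipn_tampered": handle_ipn(tampered, fake_paypal_post, "seller@example.com", orders, seen),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The order of the checks in `handle_ipn` matters: verification with PayPal comes first, then the checks that only the merchant can make (is the money going to my account, does the amount match my order, have I already fulfilled this transaction), and only a `Completed` status releases the goods. The same amount and receiver checks apply to the details PDT returns.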

Boy that really helps me the heck out.
Created 18/08/11
Andrew Dodson