Unfortunately, most of the monetization techniques that people talk about rely heavily on advertising: Affiliate programs; Banner ads; Blog advertising; Contextual ads; Interstitial ads; In-text contextual ads; CPA/CPC/CPM; Paid Blog Posts; Lead Generation; RSS ads; Data; Surveys/Polls.
In this workshop we will walk through the implementation of a few of these models using PayPal APIs.
In the Express Checkout flow, the buyer: Selects Express Checkout by clicking the Check out with PayPal button. Logs into PayPal to authenticate. Reviews the transaction on PayPal. Confirms the order and pays from your site. Receives an order confirmation.
Credit card processing occurs in two steps — a real-time Authorization and a capture (settlement) of the funds that were authorized. As discussed below, you perform these two steps either as a single transaction or as two transactions, depending on your business model.
For an Authorization, the server sends the transaction information to a credit card processor who routes the transaction through the financial networks to the cardholder’s issuing bank. The issuing bank checks whether the card is valid, evaluates whether sufficient credit exists, checks values such as address verification service and card security codes (discussed below), and returns a response: Approved, Declined, Referral, or other response values.
You receive the response a few seconds after you submit the transaction to the server. If an Authorization is approved, the bank temporarily reserves the credit for the amount of the transaction to prepare to capture (fulfill) the transaction. The hold on funds typically lasts for about a week.
Capturing a transaction actually transfers the funds to your bank. At least once a day, PayPal gathers all transactions that are flagged to be settled and sends them in a batch file to the processor. The processor then charges the issuing bank and transfers the funds to your bank. It typically takes a few days before the money is actually available in your account, depending on your bank.
To accept credit cards over the internet, you need a special account called an Internet Merchant Account. Your account provider or merchant (acquiring) bank works with a PayPal-supported credit card processor, such as First Data, TSYS Acquiring Solutions (formerly Vital Processing Services), or Paymentech. To use Payflow Pro to accept live credit cards, you must provide certain details about your account to PayPal during the “Go Live” part of the enrollment process.
On the Checkout page: Collect shipping and billing information. Retrieve the IP address of customer's browser. Clicking PAY button invokes the DoDirectPayment method. PayPal API server executes the request and returns a response: Ack code (Success, SuccessWithWarning, or Failure); Transaction amount; AVS and CVV response codes; PayPal transaction ID and correlation ID; Error codes and messages (if any). Upon success, send an order confirmation page. If not successful, display information related to the error. Provide an option to pay using a different payment method.
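The response handling described above, as an added example that is not part of the original slides. It assumes the NVP binding and PayPal's NVP response field names (ACK, AMT, AVSCODE, CVV2MATCH, TRANSACTIONID, CORRELATIONID, L_ERRORCODEn, L_LONGMESSAGEn); the match-code policy and the sample responses are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Assumed merchant policy, not from the slides: codes treated as a clean match.
AVS_OK = {"X", "Y"}     # street address and postal code both matched
CVV_OK = {"M"}          # card security code matched

def parse_nvp(body):
    """Decode a URL-encoded name-value-pair response into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def api_errors(nvp):
    """Collect the indexed L_ERRORCODEn / L_LONGMESSAGEn pairs."""
    found, i = [], 0
    while f"L_ERRORCODE{i}" in nvp:
        found.append((nvp[f"L_ERRORCODE{i}"], nvp.get(f"L_LONGMESSAGE{i}", "")))
        i += 1
    return found

def decide(body, expected_amt):
    """Return (action, references, reasons) for one DoDirectPayment response."""
    nvp = parse_nvp(body)
    refs = {"transaction": nvp.get("TRANSACTIONID"), "correlation": nvp.get("CORRELATIONID")}
    ack = nvp.get("ACK")
    if ack not in ("Success", "SuccessWithWarning"):
        return "offer_other_method", refs, api_errors(nvp)  # Failure or unknown: fail closed
    reasons = []
    if ack == "SuccessWithWarning":
        reasons.append("warning returned")
    try:
        if Decimal(nvp.get("AMT", "")) != Decimal(expected_amt):
            reasons.append("amount differs from order")
    except InvalidOperation:
        reasons.append("amount missing")
    if nvp.get("AVSCODE") not in AVS_OK:
        reasons.append("AVS code " + str(nvp.get("AVSCODE")))
    if nvp.get("CVV2MATCH") not in CVV_OK:
        reasons.append("CVV code " + str(nvp.get("CVV2MATCH")))
    return ("manual_review" if reasons else "confirm_order"), refs, reasons

# Constructed sample responses; identifiers and the error code are placeholders.
OK = "ACK=Success&AMT=5.95&AVSCODE=X&CVV2MATCH=M&TRANSACTIONID=TXN-0001&CORRELATIONID=c0ffee01"
WARN = "ACK=SuccessWithWarning&AMT=5.95&AVSCODE=N&CVV2MATCH=M&TRANSACTIONID=TXN-0002&CORRELATIONID=c0ffee02"
FAIL = "ACK=Failure&CORRELATIONID=c0ffee03&L_ERRORCODE0=00000&L_LONGMESSAGE0=Constructed+decline+message"
```

Log the transaction ID and correlation ID with every outcome so a disputed payment can be traced later.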
PayPal account holder: Receives an email alerting them of the payment. Money is deposited into the recipient’s PayPal account as soon as it is processed and sent. Non-PayPal account holder: Receives an email with a link to claim their money. Recipient needs to sign up for an account and confirm their email to claim the money. Payments not claimed after 30 days will be returned to the sender.
The simplest application security testing tools are client-side proxies: Burp, Paros, Fiddler, WebScarab. Browser plug-ins can also help: Tamper Data, HttpWatch. Free and commercial tools exist to automate security testing: AppScan, WebInspect.
PayPal has built a world-class system to detect fraudulent transactions: Proprietary antifraud risk models and fraud detection techniques; Antifraud specialists proactively monitor transactions 24 hours/7 days per week; Patent-pending bank account verification; Safeguard sensitive information using state-of-the-art encryption; Industry-recognized address verification system (AVS) and card security code checks. If you resolve a dispute during the PayPal claims process, you are 100% protected against any future chargeback for the same transaction. PayPal will handle the issue without even notifying you.
www.x.com Show me the money! A workshop on monetization with PayPal Payments Platform Praveen Alavilli, Aalap Parikh, Carolyn Mellor PayPal Developer Network Feb, 24th 2010
agenda Monetization Payments 101 PayPal Services and APIs Development Process PayPal API Basics SDKs and Tools Implementation walk through eCommerce Subscriptions and Recurring Payments Disbursements mCommerce Advanced Use cases with Adaptive Platform Instant Payment Notifications (IPN) Going Live Tips on Security and Fraud
As a developer, you select the forms of payments that best fit your application and target the consumer experience.
Credit Cards: usage of the card is authorized by the issuer in real time. [Diagram: Payment System, Acquirer, Issuer, Consumer, Merchant]
How the Money moves: authorizations are captured immediately and settled in batch. [Diagram: Payment System, Acquirer, Issuer, Consumer, Merchant]
Chargebacks: Consumers have the right to chargeback transactions. [Diagram: Payment System, Acquirer, Issuer, Consumer, Merchant]
Chargebacks: Consumers have the right to chargeback transactions. The funds are withdrawn from the merchant’s account and credited to the consumer’s account. [Diagram: Payment System, Acquirer, Issuer, Consumer, Merchant]
Debit Card differences: With debit cards, processed as a debit card, the authorization transaction and the settlement (capture) transaction are the same. Money movement is in real time. [Diagram: Payment System, Acquirer, Issuer, Consumer, Merchant]
Bank Accounts & ACH. [Diagram: Payment System, ODFI, RDFI, Consumer, Merchant]
Bank Accounts & ACH: With Automated Clearing House (ACH), there is no authorization transaction. Money movement is batch. [Diagram: Payment System, ODFI, RDFI, Consumer, Merchant]
PAYFLOW PRO SDK: Credit card processing. Language support: Java, .NET. Bindings: NVP, XML. Download: www.x.com/sdks. APIs: DoDirectPayment; Sale; Authorization; Void; Delayed Capture; Credit; SetExpressCheckout; GetExpressCheckout; DoExpressCheckout; ReferenceTransaction; RecurringPayment.
WEBSITE PAYMENTS STANDARD TOOLKIT: Payment buttons for your websites. Language support: Java, .NET, PHP, Ruby. Download: www.x.com/sdks. Utilities: Button Encryption; Payment Data Transfer; Instant Payment Notification.
WPS - Implementation Go to www.paypal.com Business Products and Services Select Website Payments Standard Click on “Try it Now” button
WPS – HTML
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <!-- Identify your business so that you can collect the payments. -->
  <input type="hidden" name="business" value="firstname.lastname@example.org">
  <!-- Specify a Buy Now button. -->
  <input type="hidden" name="cmd" value="_xclick">
  <!-- Specify details about the item that buyers will purchase. -->
  <input type="hidden" name="item_name" value="Hot Sauce-12 oz. Bottle">
  <input type="hidden" name="amount" value="5.95">
  <input type="hidden" name="currency_code" value="USD">
  <!-- Display the payment button. -->
  <input type="image" name="submit" border="0" src="https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif" alt="PayPal - The safer, easier way to pay online">
  <img alt="" border="0" width="1" height="1" src="https://www.paypal.com/en_US/i/scr/pixel.gif" >
</form>
When simple isn’t enough Developers always want :
eCommerce with Express Checkout a checkout solution
Express Checkout (EC): “all it takes is 3 API Calls”; user convenience; reduces friction in buyer’s experience; only PayPal accounts; recurring payments; multiple settlement options; issue refunds programmatically. The shortest path with the least hassle for PayPal users to checkout.
EC – How it works? [Diagram: Confirm Order (optional), Shopping Cart, Login, Review Info, Confirmation]
Usability Testing Findings
Users feel confident about clicking on the Checkout with PayPal button.
Users are familiar with the button and expect it in the flow.
Users feel the process is streamlined and quicker due to the reduced amount of data entry.
EC – API
SetExpressCheckout - Sets up the Express Checkout transaction
WPS – Implementation Go to www.paypal.com Business Products and Services Select Website Payments Standard Click on Try it Now button <Demo>
WPS – HTML
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <!-- Identify your business so that you can collect the payments. -->
  <input type="hidden" name="business" value="email@example.com">
  <!-- Specify a Subscribe button. -->
  <input type="hidden" name="cmd" value="_xclick-subscriptions">
  <!-- Identify the subscription. -->
  <input type="hidden" name="item_name" value="Alice's Weekly Digest">
  <input type="hidden" name="item_number" value="DIG Weekly">
  <!-- Set the terms of the regular subscription. -->
  <input type="hidden" name="currency_code" value="USD">
  <input type="hidden" name="a3" value="5.00">
  <input type="hidden" name="p3" value="1">
  <input type="hidden" name="t3" value="M">
  <!-- Display the payment button. -->
  <input type="image" name="submit" border="0" src="https://www.paypal.com/en_US/i/btn/btn_subscribe_LG.gif" alt="PayPal - The safer, easier way to pay online">
  <img alt="" border="0" width="1" height="1" src="https://www.paypal.com/en_US/i/scr/pixel.gif" >
</form>
Subscriptions with Express Checkout Recurring payments
EC – How it works? Merchant sets up recurring payment items. Customer selects Express Checkout and agrees to payment terms. At subsequent billing cycles, PayPal charges customer on behalf of merchant. Merchant can view, modify, or suspend payments.
Disbursements: PayPal disbursement products allow you to send payments to multiple customers at the same time. Who is the target customer? Businesses who disburse money to their customers or clients. Product is a replacement for payouts via check, direct debit, and gift cards. Some key segments
mCommerce Comparison shopping applications are the top downloads. Number of Mobile Transactions 10X Red Laser 4 million downloads $380 million in sales (Jan-Sep 2009)
The mobile way Clients (Mobile Embedded Payment Toolkit) Mobile Web Pre-approval (Apple) Entirely client-based experience leveraging APIs and plug & play interface Utilized WAP infrastructure and reskinning techniques for seamless integration Web onboarding for a mobile billing agreement
Mobile Checkout: Similar to Express Checkout but with Mobile UI. Supports Phone/Pin login (User sets phone/pin with PayPal). To access mobile checkout, a device, mobile carrier, and browser must support the following: WAP 2.0 phones (not WAP 1.0); xHTML or HTML markup language; SSL connections; Cookies enabled; No carrier "WAP gap".
These are the same agreements used with Adaptive Payments.
Mobile Embedded Payments (MEP): Provides an easy way to enable payments in iPhone applications. Customers never leave the application to pay. No worries about collecting or handling financial information. Example use cases: Restaurant chain application for ordering and payment; Plumbing service application for booking and paying; Charity application for donation collection; Selling merchandise in games and social applications.
Pre-approval for one-time, multi-use, and subscription payments Configurable personal identification number (PIN) support
Parallel and chained (Split) payments
Allows single payment to multiple receivers Facilitates multiple use cases: marketplace payments, service fees, multi-merchant checkout, and so on
AP – How it works? [Diagram: API, WEB, Business, Pay API, Pay Key, Redirect User to PayPal, Return URL]
Request: User Name = P_Mart_admin.api; Password = keep$secret; Signature = 23KJHO5AS09I32SDROR; Currency = USD; Amount = 100; Receiver email = Business@P_Mart.com; Sender Email = firstname.lastname@example.org; Tracking ID = 234235986; Cancel URL = www.P_Mart.com/home; Return URL = www.P_Mart.com/apstore
Response: Pay Key = PA-84HK2A57FCOP3RW
PAYMENT APPROVAL on WEB 1. Login Payment Confirmation 2. Review Your Payment 3. Redirect
Personal and Premier account creation (Business account creation to come soon).
API Request (required fields in bold): Account Type (valid values are Personal, Premier); Name: First, Last; Address: Address Line 1, Line 2, City, Zip; Country: Country Code; Email; Phone; Preferred Language Code; Return URL; Registration Type (valid value is Web). Other fields are also dependent on the country: DOB; Citizenship Country Code.
API Response: execStatus; Redirect URL: The user needs to be redirected to this URL for finishing the account signup process (password and Add Funding Sources flow).
Instant Payment Notifications (IPN): Message service that notifies you of events related to: New transactions; Updates to previous transactions; Dispute management and chargebacks. Provides status on pending, cancelled, or failed transactions. Allows merchants and developers to integrate payments and automate back-end operations.
COMMON IPN TYPES: Instant payments, such as Express Checkout; eCheck payments; Pending payments; Recurring payments and subscriptions; Authorizations; Chargebacks; Disputes; Reversals.
IPN IN ACTION: PayPal posts IPN to seller; Seller posts back IPN message to PayPal; Buyer clicks Buy Now button; PayPal sends VERIFIED/INVALID response.
IPN MESSAGE: IPN is HTTP POST with POST variables consisting of: Information about Seller; Information about the Transaction; Information about your Buyer; Information about the Payment.
Listener can be enabled from Profile-> Instant Payment Notification
Per Transaction Listener (Notify URL) can be used from buttons and API requests
* Requires subscription. Contact Customer Service for access
IPN HISTORY: RESENDING IPN History->IPN History
IPN BEST PRACTICES. Once IPN is received: Always validate the incoming IPN. Send the response as soon as possible. Check for duplicate IPNs. Respond to all the IPNs or the IPN will be resent. IPN is designed as an asynchronous notification. Never wait for IPN synchronously. Disable any listeners that are not in use. PayPal detects and disables malfunctioning listeners. Where necessary, get transaction information from other methods in addition to using IPN.
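A listener core that applies these practices (validate, de-duplicate, then compare with the order on record), as an added example that is not part of the original slides. The last check also covers the Website Payments Standard buttons earlier in the deck, whose `amount` is a hidden form field the browser controls. The `cmd=_notify-validate` post-back and the IPN variable names (`txn_id`, `payment_status`, `receiver_email`, `mc_gross`, `mc_currency`, `invoice`) are PayPal's; the order store, the `post` callable and all sample values are assumptions.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl, urlencode

class IpnHandler:
    def __init__(self, post, orders, receiver_email):
        self.post = post        # callable(body) -> reply; an HTTPS POST back to PayPal in production
        self.orders = orders    # hypothetical order store: invoice -> (Decimal amount, currency)
        self.receiver = receiver_email.lower()
        self.seen = set()       # (txn_id, payment_status) pairs already processed

    def handle(self, raw_body):
        # 1. Validate: post the message back unchanged and require VERIFIED.
        if self.post("cmd=_notify-validate&" + raw_body).strip() != "VERIFIED":
            return "rejected: not verified"
        msg = dict(parse_qsl(raw_body, keep_blank_values=True))
        # 2. Duplicate check: IPNs are resent, so processing must be idempotent.
        key = (msg.get("txn_id"), msg.get("payment_status"))
        if key in self.seen:
            return "ignored: duplicate"
        self.seen.add(key)
        # 3. Compare with the order on record, never with values the browser submitted.
        if msg.get("receiver_email", "").lower() != self.receiver:
            return "rejected: wrong receiver"
        if msg.get("payment_status") != "Completed":
            return "held: status " + msg.get("payment_status", "missing")
        expected = self.orders.get(msg.get("invoice"))
        try:
            paid = (Decimal(msg.get("mc_gross", "")), msg.get("mc_currency"))
        except InvalidOperation:
            return "rejected: bad amount"
        if expected is None or paid != expected:
            return "rejected: order or amount mismatch"
        return "fulfil: " + msg["invoice"]

# Constructed sample data: SENT stands in for the messages PayPal really issued.
SENT = set()
def fake_paypal(body):
    return "VERIFIED" if body.replace("cmd=_notify-validate&", "", 1) in SENT else "INVALID"

def sample(**override):
    fields = {"txn_id": "T1", "payment_status": "Completed", "invoice": "INV-1",
              "receiver_email": "seller@example.com", "mc_gross": "5.95", "mc_currency": "USD"}
    return urlencode({**fields, **override})

def demo():
    handler = IpnHandler(fake_paypal, {"INV-1": (Decimal("5.95"), "USD")}, "seller@example.com")
    genuine, underpaid = sample(), sample(txn_id="T2", mc_gross="0.01")
    SENT.update({genuine, underpaid})
    forged = sample(txn_id="T3")    # never issued by PayPal, so validation fails
    return [handler.handle(m) for m in (genuine, genuine, underpaid, forged)]
```

In a real listener, acknowledge the HTTP request first and run fulfilment from a queue, and keep the seen-set in durable storage so restarts do not reopen the duplicate window.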
Development Process Submit for application review Get API credentials Go Live Design and build application Create Sandbox account Get APP ID Signup on x.com
Submitting your Adaptive APIs app for review: Upgrade to a PayPal Business Account. Get Verified. Obtain Live API Credentials. Submit App: App description; Kind of Payments it provisions; Test URL and related testing info; Services you use (simple/advanced); A few screenshots. Answer a few questions to make sure your app is secure and doesn’t violate any regulations.
Things to note 1. The PayPal X Developer Agreement is your friend. Clearly and concisely explains what is and is not allowed Describes confidentiality and intellectual property rights 2. Your application will be reviewed for: Compliance with payment regulations Acceptable use policy compliance Information security Risk Functionality 3. Applications using only standard functionality go through a less involved review.
Going Live: Once your app gets approved, you will receive your Live APP ID. Update your app to use Live APP ID and API Credentials. Launch your application. Start accepting payments!
WHEN TRANSACTIONS GO RIGHT Order Payment Shipment /Delivery
Harden your servers, frameworks, and applications and keep them up to date.
By following best practices, your applications will be both more robust and more secure.
The Open Web Application Security Project (http://www.owasp.org); The Web Application Security Consortium (http://www.webappsec.org/); Security Focus (http://www.securityfocus.com)
Fighting Fraud: Consumer fraud; Merchant fraud; Phishing; Social engineering.
BEST PRACTICES: Be vigilant; Authenticate each transaction; Real-time authorizations; Reduce customer errors; Manual review; Robust risk rules customized for your business; Comprehensive and dynamic fraud scoring; Bayesian filters; Neural nets; Cross merchant and buyer data analysis for patterns; Cross channel data analysis patterns.
Watch out for illegal transactions Certain transactions are illegal. Therefore, the payment and processing of the payment is also illegal. Some examples: Sales of narcotics Child pornography Internet gambling transactions Underage alcohol/tobacco sales All payment mechanisms prohibit payments that violate law. As a developer, creating an application that violates law or enables the violation of law could subject you to criminal and civil liability.