Monetize with PayPal X Payments Platform
1. www.x.com Show me the money! A workshop on monetization with PayPal Payments Platform Praveen Alavilli, Aalap Parikh, Carolyn Mellor PayPal Developer Network Feb, 24th 2010
2. agenda Monetization Payments 101 PayPal Services and APIs Development Process PayPal API Basics SDKs and Tools Implementation walk through eCommerce Subscriptions and Recurring Payments Disbursements mCommerce Advanced Use cases with Adaptive Platform Instant Payment Notifications (IPN) Going Live Tips on Security and Fraud
6. eCommerce Virtual Goods Premium Content Value added Services Memberships Subscription License of Content, Brand and Services
7. Before we get our hands dirty A quick overview of what payments are.
8. Payments 101 exchange of value from one party to another As a developer, the sender and receiver may have many different names, depending on their role and objective.
10. different technology to interface. As a developer, you select the forms of payments that best fit your application and target the consumer experience.
11. Credit Cards usage of the card is authorized by the issuer in real time PaymentSystem Acquirer Issuer Consumer Merchant
12. How the Money moves authorizations are captured immediately and settled in batch PaymentSystem Acquirer Issuer Consumer Merchant
13. Chargebacks Consumers have the right to chargeback transactions. PaymentSystem Acquirer Issuer Consumer Merchant
14. Chargebacks Consumers have the right to chargeback transactions. The funds are withdrawn from the merchant’s account and credited to the consumer’s account. PaymentSystem Acquirer Issuer Consumer Merchant
16. Debit Card differences PaymentSystem With debit cards, processed as a debit card, the authorization transaction and the settlement (capture) transaction are the same. Money movement is in real time. Acquirer Issuer Consumer Merchant
17. Bank Accounts & ACH PaymentSystem ODFI RDFI Consumer Merchant
18. PaymentSystem With Automated Clearing House (ACH), there is no authorization transaction. Money movement is batch. ODFI RDFI Consumer Merchant Bank Accounts & ACH
24. (while taking care of things that you don’t want to manage yourself) Risk and Fraud Management Security Compliance Settlements Refunds/Charge backs
26. Email Payments (old school): invoice over email from PayPal. Virtual Terminal: POS terminal on the Cloud! Accept payments over phone, mail, & fax. Website Payments Standard (aka WPS or “cut & paste payments”): buttons, buttons, buttons.
27. Simple but Powerful Sell Single/Multiple Items (cart) Subscriptions Donations Inventory Control UI Customization Fraud/Risk Controls
28. Express Checkout: “all it takes is 3 API Calls”, a checkout solution & BML. Payflow: a payment gateway. Website Payments Pro: Direct Payments + Express Checkout. Mass Payments: disbursements.
29. Adaptive Platform (Adaptive Payments & Adaptive Accounts) for Web 2.0 and Web.Next applications Parallel and Chained Payments
35. Submit for application review (only AP/AA) Get API credentials Go Live Design and build application Create Sandbox account Get APP ID Signup on x.com
78. Bundled with test token and API credentials. SSL Connection SOAP JSON NVP Authorization Setup Logging Error Handling Configuration API 1 API 2 API 3 Other .NET Java PHP Your Application
80. PAYFLOW PRO SDK Credit card processing Language support Java, .NET Bindings NVP, XML Download: www.x.com/sdks APIs DoDirectPayment Sale Authorization Void Delayed Capture Credit SetExpressCheckout GetExpressCheckout DoExpressCheckout ReferenceTransaction RecurringPayment
81. WEBSITE PAYMENTS STANDARD TOOLKIT Payment buttons for your websites Language support Java, .NET, PHP, Ruby Download: www.x.com/sdks Utilities Button Encryption Payment Data Transfer Instant Payment Notification
95. WPS - Implementation Go to www.paypal.com Business Products and Services Select Website Payments Standard Click on “Try it Now” button
96. WPS – HTML
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <!-- Identify your business so that you can collect the payments. -->
  <input type="hidden" name="business" value="herschelgomez@xyzzyu.com">
  <!-- Specify a Buy Now button. -->
  <input type="hidden" name="cmd" value="_xclick">
  <!-- Specify details about the item that buyers will purchase. -->
  <input type="hidden" name="item_name" value="Hot Sauce-12 oz. Bottle">
  <input type="hidden" name="amount" value="5.95">
  <input type="hidden" name="currency_code" value="USD">
  <!-- Display the payment button. -->
  <input type="image" name="submit" border="0" src="https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif" alt="PayPal - The safer, easier way to pay online">
  <img alt="" border="0" width="1" height="1" src="https://www.paypal.com/en_US/i/scr/pixel.gif">
</form>
104. Express Checkout (EC) “all it takes is 3 API Calls” user convenience reduces friction in buyer’s experience only PayPal accounts recurring payments multiple settlement options issue refunds programmatically The shortest path with the least hassle for PayPal users to checkout.
106. Users are familiar with the button and expect it in the flow.
119. Cut and paste HTML code onto your website. You need your own Internet Merchant Account. Variety of payment options - PayPal, credit cards, purchase cards, debit cards. Search, reports, and virtual point-of-sale terminal.
120. Payflow Link – How it works ? Checkout Page Thank You! Pay PayPal Hosted Pages
131. Website Payments Pro (WPP) Direct Payment lets you accept credit cards on your website Express Checkout lets you accept PayPal payments on your website
156. EC – How it works? Merchant sets up recurring payment items. Customer selects Express Checkout and agrees to payment terms. At subsequent billing cycles, PayPal charges customer on behalf of merchant. Merchant can view, modify, or suspend payments.
166. Disbursements PayPal disbursement products allow you to send payments to multiple customers at the same time. Who is target customer? Businesses who disburse money to their customers or clients Product is a replacement for payouts via check, direct debit, and gift cards Some key segments
178. n is the counter of the request (starting with 0 (zero))
https://api-3t.sandbox.paypal.com/nvp?{VERSION & CREDENTIALS}&
METHOD=MassPay&
RECEIVERTYPE=EmailAddress&
CURRENCYCODE=USD&
L_AMT0=5.00&
L_EMAIL0=masspay1%40mikeblanton.com&
L_AMT1=5.00&
L_EMAIL1=otheraccount%40me.com&
L_AMT2=5.00&
L_EMAIL2=friend%40hotmail.com
181. mCommerce Comparison shopping applications are the top downloads. Number of Mobile Transactions 10X Red Laser 4 million downloads $380 million in sales (Jan-Sep 2009)
182. The mobile way Clients (Mobile Embedded Payment Toolkit) Mobile Web Pre-approval (Apple) Entirely client-based experience leveraging APIs and plug & play interface Utilized WAP infrastructure and reskinning techniques for seamless integration Web onboarding for a mobile billing agreement
183. Mobile Checkout Similar to Express Checkout but with Mobile UI Supports Phone/Pin login (User sets phone/pin with PayPal) To access mobile checkout, a device, mobile carrier, and browser must support the following: WAP 2.0 phones (not WAP 1.0) xHTML or HTML markup language SSL connections Cookies enabled No carrier "WAP gap"
197. AP – How it works? Diagram labels: Business, API, WEB, Pay API, Pay Key, Redirect User to PayPal, Return URL.
Request: User Name = P_Mart_admin.api; Password = keep$secret; Signature = 23KJHO5AS09I32SDROR; Currency = USD; Receiver email = Business@P_Mart.com; Tracking ID = 234235986; Sender Email = john_m@mail.com; Cancel URL = www.P_Mart.com/home; Amount = 100; Return URL = www.P_Mart.com/apstore
Response: Pay Key = PA-84HK2A57FCOP3RW
198. PAYMENT APPROVAL on WEB 1. Login Payment Confirmation 2. Review Your Payment 3. Redirect
200. Pay: Transfer funds between parties. Supports simple, chained, parallel, preapproved payments, etc.
220. Instant Pay Notifications (IPN) Message service that notifies you of events related to: New transactions Updates to previous transactions Dispute management and chargebacks Provides status on pending, cancelled, or failed transactions Allows merchants and developers to integrate payments and automate back-end operations
221. COMMON IPN TYPES Instant payments, such as Express Checkout eCheck payments Pending payments Recurring payments and subscriptions Authorizations Chargebacks Disputes Reversals
222. IPN IN ACTION Buyer clicks Buy Now button. PayPal posts IPN to seller. Seller posts back IPN message to PayPal. PayPal sends VERIFIED/INVALID response.
223. IPN MESSAGE IPN is HTTP POST with POST variables consisting of: Information about Seller Information about the Transaction Information about your Buyer Information about the Payment
228. IPN BEST PRACTICES Once IPN is received: Always validate the incoming IPN. Send the response as soon as possible. Check for duplicate IPNs. Respond to all the IPNs or the IPN will be resent. IPN is designed as an asynchronous notification. Never wait for IPN synchronously. Disable any listeners that are not in use. PayPal detects and disables malfunctioning listeners. Where necessary, get transaction information from other methods in addition to using IPN.
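The IPN handshake and best practices from slides 222 and 228, as an added Python example that is not part of the original deck: the listener validates each message by posting it back, checks receiver, amount and currency against its own records, and skips duplicates. The `IpnListener` class, the `catalog` price list and the sample message are assumptions constructed for illustration; `txn_id`, `payment_status`, `receiver_email`, `mc_gross` and `mc_currency` are standard IPN variables.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs
from urllib.request import urlopen

# The webscr endpoint the slide-96 form posts to; the sandbox uses its own host.
PAYPAL_URL = "https://www.paypal.com/cgi-bin/webscr"

# Constructed sample IPN body, reusing the seller and item from the slide-96 form.
SAMPLE_IPN = (b"txn_id=TESTTXN0001&payment_status=Completed"
              b"&receiver_email=herschelgomez%40xyzzyu.com"
              b"&item_name=Hot+Sauce-12+oz.+Bottle&mc_gross=5.95&mc_currency=USD")

def paypal_postback(raw_body: bytes) -> str:
    """Post the IPN back unchanged, prefixed with cmd=_notify-validate."""
    data = b"cmd=_notify-validate&" + raw_body
    with urlopen(PAYPAL_URL, data=data, timeout=10) as resp:
        return resp.read().decode("ascii", "replace").strip()

class IpnListener:
    def __init__(self, receiver_email, catalog, postback=paypal_postback):
        self.receiver_email = receiver_email.lower()
        self.catalog = catalog      # hypothetical price list: item_name -> (amount, currency)
        self.postback = postback    # injectable so the listener can be tested offline
        self.seen = set()           # processed txn_ids; use a durable store in production

    def handle(self, raw_body: bytes) -> str:
        # Validate first: only PayPal's VERIFIED answer makes the message trustworthy.
        if self.postback(raw_body) != "VERIFIED":
            return "rejected: not verified"
        f = {k: v[0] for k, v in parse_qs(raw_body.decode("utf-8", "replace")).items()}
        # Pending, reversed, etc. also arrive as IPNs; only Completed ships goods.
        if f.get("payment_status") != "Completed":
            return "ignored: not completed"
        if f.get("receiver_email", "").lower() != self.receiver_email:
            return "rejected: wrong receiver"
        # Button fields pass through the buyer's browser: compare with server-side prices.
        try:
            paid = (Decimal(f.get("mc_gross", "")), f.get("mc_currency"))
        except InvalidOperation:
            return "rejected: bad amount"
        if self.catalog.get(f.get("item_name")) != paid:
            return "rejected: amount mismatch"
        # PayPal resends IPNs, so fulfil each txn_id once.
        txn = f.get("txn_id")
        if not txn or txn in self.seen:
            return "ignored: duplicate"
        self.seen.add(txn)
        return "fulfilled"
```

The web handler should return HTTP 200 for every outcome string so PayPal stops resending, and should queue slow fulfilment work rather than doing it inside the request.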
229. Development Process Submit for application review Get API credentials Go Live Design and build application Create Sandbox account Get APP ID Signup on x.com
232. Things to note 1. The PayPal X Developer Agreement is your friend. Clearly and concisely explains what is and is not allowed Describes confidentiality and intellectual property rights 2. Your application will be reviewed for: Compliance with payment regulations Acceptable use policy compliance Information security Risk Functionality 3. Applications using only standard functionality go through a less involved review.
233. Going Live Once your app gets approved, you will receive your Live APP ID. Update your app to use Live APP ID and API Credentials Launch your application Start accepting payments!
246. By following best practices, your applications will be both more robust and more secure. The Open Web Application Security Project (http://www.owasp.org) The Web Application Security Consortium (http://www.webappsec.org/) Security Focus (http://www.securityfocus.com)
248. BEST PRACTICES Be vigilant Authenticate each transaction Real-time authorizations Reduce customer errors Manual review Robust risk rules customized for your business Comprehensive and dynamic fraud scoring Bayesian filters Neural nets Cross merchant and buyer data analysis for patterns Cross channel data analysis patterns
250. Watch out for illegal transactions Certain transactions are illegal. Therefore, the payment and processing of the payment is also illegal. Some examples: Sales of narcotics Child pornography Internet gambling transactions Underage alcohol/tobacco sales All payment mechanisms prohibit payments that violate law. As a developer, creating an application that violates law or enables the violation of law could subject you to criminal and civil liability.
Unfortunately, most of the monetization techniques that people talk about rely heavily on advertising. Affiliate programs; Banner ads; Blog advertising; Contextual ads; Interstitial ads; In-text contextual ads; CPA/CPC/CPM; Paid Blog Posts; Lead Generation; RSS ads; Data; Surveys/Polls.
In this workshop we will walk through the implementation of a few of these models using PayPal APIs.
While providing: Strong Security; Fraud and Risk Management; Privacy enabling; Seller Protection.
Single – Multiple Items; Subscriptions; Donations; Inventory control; Fraud/risk controls; UI customization.
only PayPal accounts; recurring payments; multiple settlement options; issue refunds programmatically; accept Credit and Debit Cards in your own application (and) accept payments from PayPal Accounts.
In the Express Checkout flow, the buyer: Selects Express Checkout by clicking the Check out with PayPal button. Logs into PayPal to authenticate. Reviews the transaction on PayPal. Confirms the order and pays from your site. Receives an order confirmation.
Credit card processing occurs in two steps: a real-time Authorization and a capture (settlement) of the funds that were authorized. As discussed below, you perform these two steps either as a single transaction or as two transactions, depending on your business model.

For an Authorization, the server sends the transaction information to a credit card processor who routes the transaction through the financial networks to the cardholder’s issuing bank. The issuing bank checks whether the card is valid, evaluates whether sufficient credit exists, checks values such as address verification service and card security codes (discussed below), and returns a response: Approved, Declined, Referral, or other response values.

You receive the response a few seconds after you submit the transaction to the server. If an Authorization is approved, the bank temporarily reserves the credit for the amount of the transaction to prepare to capture (fulfill) the transaction. The hold on funds typically lasts for about a week.

Capturing a transaction actually transfers the funds to your bank. At least once a day, PayPal gathers all transactions that are flagged to be settled and sends them in a batch file to the processor. The processor then charges the issuing bank and transfers the funds to your bank. It typically takes a few days before the money is actually available in your account, depending on your bank.

To accept credit cards over the internet, you need a special account called an Internet Merchant Account. Your account provider or merchant (acquiring) bank works with a PayPal-supported credit card processor, such as First Data, TSYS Acquiring Solutions (formerly Vital Processing Services), or Paymentech. To use Payflow Pro to accept live credit cards, you must provide certain details about your account to PayPal during the “Go Live” part of the enrollment process.
On the Checkout page: Collect shipping and billing information. Retrieve the IP address of customer's browser. Clicking PAY button invokes the DoDirectPayment method. PayPal API server executes the request and returns a response: Ack code (Success, SuccessWithWarning, or Failure); Transaction amount; AVS and CVV response codes; PayPal transaction ID and correlation ID; Error codes and messages (if any). Upon success, send an order confirmation page. If not successful, display information related to the error. Provide an option to pay using a different payment method.
PayPal account holder: Receives an email alerting them of the payment. Money is deposited into the recipient’s PayPal account as soon as it is processed and sent.
Non-PayPal account holder: Receives an email with a link to claim their money. Recipient needs to sign up for an account and confirm their email to claim the money. Payments not claimed after 30 days will be returned to the sender.
The simplest application security testing tools are client-side proxies: Burp, Paros, Fiddler, WebScarab. Browser plug-ins can also help: Tamper Data, HttpWatch. Free, commercial tools exist to automate security testing: AppScan, WebInspect.
PayPal has built a world-class system to detect fraudulent transactions: Proprietary antifraud risk models and fraud detection techniques. Antifraud specialists proactively monitor transactions 24 hours/7 days per week. Patent-pending bank account verification. Safeguard sensitive information using state-of-the-art encryption. Industry-recognized address verification system (AVS) and card security code checks. If you resolve a dispute during the PayPal claims process, you are 100% protected against any future chargeback for the same transaction. PayPal will handle the issue without even notifying you.