Additional information
PayPal fraud prevention
PayPal's fraud prevention features are designed to help you protect your business from online fraud. This section outlines the available options you can set up and monitor to safeguard the data you handle.
User account status
The PayPal account status can be either verified or unverified:
- Initially, when a consumer registers with PayPal, their account status is unverified.
- Account becomes verified only after the consumer validates the funding source linked to the account.
You should implement both verification statuses on your website. Additionally, consider offering rewards to consumers with verified accounts.
Possible values | Getting verified | How to use | Best practices |
---|---|---|---|
|
The consumer must:
|
This value is returned in the response with the order status. Based on the returned value, you accept, deny, or challenge the payment. |
|
Address status
When an address is marked "Confirmed," it means the buyer's credit card billing address matches their shipping address. PayPal keeps a record of transactions sent to each address. If an address is used frequently without any reported issues, it gets the "Confirmed" status.
Most unconfirmed addresses are legitimate, and sellers rarely have problems with them. However, when shipping to an unconfirmed address, PayPal advises you to stay vigilant and reduce risks by following PayPal's security tips for sellers.
Possible values | How to use | Best practices |
---|---|---|
|
This value is returned in the response with the status of the order. Based on the returned value you can accept, deny or challenge the payment. | Set a minimum payment amount to automatically accept payments. You must implement this option on your website. |
Payer ID
The unique identifier of a PayPal account remains constant throughout its entire lifespan. This identifier is a 13-character alphanumeric value (e.g., RZJF8EE021L5P).
How to use | Best practices |
---|---|
|
Set a minimum payment amount to automatically accept payments. You must implement this option on your website. |
Account ID
Account ID is the username the PayPal account holder used during registration. You can use this for blacklist or whitelist purposes, as well as for velocity checks.
Value | How to use | Best practices |
---|---|---|
Email address |
|
Set a minimum payment amount to automatically accept payments. You must implement this option on your website. |
Billing agreement
To obtain funds from the buyer's account, you need their permission. The buyer must log in to PayPal once to agree, but future logins won't be required for subsequent transactions. This agreement is known as a billing agreement between you and the buyer and is maintained by PayPal. Buyers can agree to the billing during the Express Checkout flow.
The billing agreement ID is stored in our database and is automatically sent to PayPal whenever a new recurring payment is made on an order. This ID remains valid until the buyer cancels it. A buyer can have multiple billing agreement IDs for your site, which might happen if they establish separate agreements for different services.
PayPal reference transactions
Reference transactions let you collect recurring payments through PayPal with flexible amounts and schedules. Buyers can sign up for these payments during the Express Checkout flow. With reference transactions, you control both the transaction amount and the timing.
The reference transactions feature is considered high-risk by PayPal, and you need individual approval from PayPal Underwriting to use it.
Before charging buyers, they must set up a billing agreement hosted on PayPal. PayPal will ensure that the buyer explicitly agrees to the reference transaction during the purchase flow. This agreement must also be stated in your website's terms and conditions.
Approval process
You need additional approval to use the reference transactions feature:
- New PayPal sellers: Request approval as part of the underwriting procedure.
- Existing PayPal sellers: Ask your account manager to initiate the approval process.
Once approved, only a minor change is needed in your PayPal account to start using reference transactions, and no other modifications are necessary.
Configuration adjustment
All recurring payments are linked to the original order, which is set as the Invoice ID in PayPal. Therefore, you must disable the blocking of duplicate Invoice IDs in the PayPal configuration. Your Implementation Manager will handle this for you. If not done, you will receive the error:
10412, MESSAGE: Payment has already been made for this Invoice ID
Steps to change configuration:
- After logging in, go to Profile.
- Click the Payment Receiving Preferences link under Selling Preferences.
- Select "No, allow multiple payments per invoice ID."
Limitations imposed by PayPal
- The profile start date cannot be earlier than the profile creation date.
- You can create a maximum of 10 recurring payment profiles during checkout.
- Each recurring payment must not exceed $10,000 USD (or the equivalent in other currencies).
- Only the consumer can cancel the billing agreement.
PayPal API flow
When the consumer selects PayPal as a payment option from your payment page, they're redirected to the PayPal website to log in and select their funding source. The consumer is then presented with a confirmation page. If the billing agreement was accepted, PayPal returns information about the purchase and a billing agreement ID. This ID is saved in our database for future recurring payments for this order.
Transaction details
The transaction details on the initial order (see Figure 4) will be the same as a normal one-off PayPal transaction. Please note that the billing agreement ID is not shown on the initial order, only on the recurring payment details.
The screenshot below shows the transaction details of a recurring payment with the Billing Agreement ID. Please note that the initial order and all recurring payments have the same InvoiceID and Custom number. By default, the value for both InvoiceID and Custom number is our payment reference number. But InvoiceID may be the airline ticket number if the airline data is used.
The consumer can cancel Billing Agreement at any time without any notification being sent to you. If you attempt to issue a recurring payment on a cancelled Billing Agreement, you would get a PayPal error with error code 10201 Message: Agreement cancelled. Once the Billing Agreement is cancelled, it cannot be reused. The consumer must establish a new Billing Agreement.
PayPal Airline Data
The GlobalCollect platform has implemented support for Airline Data as part of the PayPal transaction. If you are an airline you can take advantage of this feature to store specific information regarding flights with your existing PayPal account through us.
Refunds
Refunds must be issued within 180 days of the original transaction. If you are an airline company, this period is extended to 365 days. Should your business need a longer refund period your account manager is happy to request this at PayPal. The request should be accompanied by your terms & conditions and the reason why you will need a longer refund period.
Your liability
PayPal’s policy outlines that a merchant is both liable and responsible for all PayPal disputes, claims andchargeback’s. Please click here for the most up to date information on dispute handling and resolution. Please click here for PayPal’s comprehensive guide on chargebacks.
Chargebacks
Once the chargeback is initiated, PayPal will temporarily hold the funds from your account. These funds will be held by PayPal until the outcome of the chargeback is resolved. If the consumer wins the case, the funds will be released to the consumer. If you win the case, the funds will be released to you. You must respond to all PayPal chargebacks within 10 days, providing all requested supporting documentation. In the table below is an overview of the actions that needs to be taken by you.
Type | Reason | Status Name | Status Definition | Action – Button | Relevance for merchant / required action |
---|---|---|---|---|---|
Dispute | Non-receipt | Open | Dispute between Buyer and Seller is open. PayPal is not investigating | View |
|
Chargeback | Unauthorized | Requiring your action | Seller must respond | Respond |
|
Chargeback | Non-Receipt | Requiring your action | Seller must respond | Respond |
|
Chargeback | Merchandise | Requiring your action | Seller must respond | Respond |
|
Chargeback | Duplicate | Requiring your action | Seller must respond | Respond |
|
Chargeback | Special | Requiring your action | Seller must respond | Respond |
|
Chargeback | Unauthorized | Being Reviewed by PayPal | PayPal is reviewing the seller's response to determine if we can dispute the chargeback case. | No Button Available | no actions needed by Seller / PayPal is currently reviewing the case |
Chargeback | Non-Receipt | Being Reviewed by PayPal | PayPal is reviewing the seller's response to determine if we can dispute the chargeback case. | No Button Available | no actions needed by Seller / PayPal is currently reviewing the case |
Chargeback | Merchandise | Being Reviewed by PayPal | PayPal is reviewing the seller's response to determine if we can dispute the chargeback case. | No Button Available | no actions needed by Seller / PayPal is currently reviewing the case |
Chargeback | Duplicate | Being Reviewed by PayPal | PayPal is reviewing the seller's response to determine if we can dispute the chargeback case. | No Button Available | no actions needed by Seller / PayPal is currently reviewing the case |
Chargeback | Special | Being Reviewed by PayPal | PayPal is reviewing the seller's response to determine if we can dispute the chargeback case. | No Button Available | no actions needed by Seller / PayPal is currently reviewing the case |
A dispute can be initiated through the consumers resolution center within their PayPal account. Upon a dispute being initiated, an email notification will be sent to you to the email address you have set in your companies PayPal account. PayPal will expect that you and the consumer can resolve the dispute amicably amongst themselves. Once the dispute is initiated, PayPal will temporarily hold the funds from your account. These funds will be held by PayPal until the outcome of the dispute is resolved. If the consumer wins the case, the funds will be released to the consumer. If you win the case, the funds will be released to you. You can start the dispute resolution process by logging into your PayPal account and go to “Resolution Center” from the “My Account Overview” page. All the opened disputes or claims will be listed in the Resolution Center.
Disputes can be escalated to a claim, which is explained below, by either the consumer or by you at any time within 20 days of the date the dispute was opened. The consumer will receive an automated email reminding them of the deadline for escalating to a claim (day 16 and 18). If a dispute is not closed or escalated within 20 days of being filed, the dispute will be closed automatically. Once a dispute is closed it can no longer be escalated to a claim for PayPal to review.
Claims
If you and the consumer are unable to resolve a dispute, the dispute can be escalated to a PayPal claim. By escalating the dispute to a claim, you or the consumer is asking PayPal to review the case and decide the outcome. PayPal will request information from the merchant and the merchant will have 7 days to provide the documentation/information to support the claim. If the documentation is not received by PayPal within 10 days from the original request, PayPal will automatically accept the claim, refund the consumer and debit you. In some instances PayPal might enforce shorter timelines and these will be communicated in the email you receive. PayPal endeavors to decide on claims within 30 days.
Forbidden industries
- Any adult related industry
- Drugs or pharmaceuticals (and all drugs related)
- Illegal activities, products/services and the peripheral support (service providing) of illegal activities.
- Terrorists, individuals and organizations supporting terrorist activities as listed by any government (www.treasury.gov/offices/enforcement/ofac/sanctions/terrorism.html)or any other applicable government site.
- Travel (without license of National Travel Industry Bonding Organization)
- Weapons, weapons related activities
- Animal trading of any kind
- Aggregators
- Clients which may damage the brand or reputation of either us, its supplying banks or card associations – with specific reference to MasterCard “Brand damaging transactions” guidelines.
Any business that the Risk Department or Board of directors decide to be unethical. In such situations each case is examined individually.
Setting Up Your PayPal Account
You will need to setup a PayPal Business Account. The fields described below are for an “United Kingdom” PayPal account, but there may be additional fields to complete for opening PayPal accounts in various countries. If you already have a PayPal account, you will have to open a new PayPal account to enable processing via us. There are no exceptions to this rule. You are legally forbidden to withdraw any funds from this PayPal account or use “Send Money” to transfer fund to another PayPal account.
Completing the following steps will ensure that a Business PayPal account is successfully setup.
- Go to https://www.paypal.com. The country will automatically detected and you can chance that if needed
- Click on the “Sign up” link From the account types displayed, select Business Account. If additional options are given to choose (e.g. Standard, Pro, etc.), select the desired level and click the “Continue” button.
- You will now be asked to provide details on your business, contact person and login details. The sections below detail the information that you will have to provide. After you have entered your e-mail address in order to sign-up or login, you will need to provide additional business information.
Field Name Description Mandatory Business Type Type of business (e.g. sole proprietor) Yes Business Name Official name of business Yes Address Line 1 Merchant’s business postal address Yes Address Line 2 Merchant’s business postal address No Town City Merchant’s business postal address Yes County Merchant’s business postal address Yes Postcode Merchant’s business postal address Yes Country Merchant’s business postal address Yes Category Select from drop down, the main goods or services being sold Yes Subcategory Select from drop down, the subcategory which best describes that the merchant is selling Yes Business URL Primary URL of business Yes - Business Owner Contact Information
Field Name Description Mandatory First Name Owner’s first name Yes Last Name Owner’s last name Yes Country of Citizenship Owner’s country Yes Work Telephone Owner’s work telephone number Yes Home Telephone Owner’s home telephone number No Mobile Telephone Owner’s mobile telephone number No Home Address If same as business address or fill in full home address Yes The Primary account holder must thoroughly read the User agreement and Privacy Policy. - Account Confirmation: Once you have completed the sign up process, PayPal will send an email to the email address you just provided requesting you activate the email address. The e-mail will be sent from service@paypal.com. If you can’t find an email from PayPal, check the junk/spam filter as it can accidentally have been blocked. Click the hyperlink in the email and follow the instructions on screen
- Optional Business Information: The completion of all fields is mandatory. This is to enable the PayPal underwriting team to assess the account. If the information is not provided PayPal will not allow you to start processing with your account. You can also reach these details by updating the “Business Information” page in the “My Business Details” section in your profile.
- Bank Accounts and other funding options: The setup process may prompt you to add funding sources to the account. As our clients do not require any funding or withdrawal options on their account, this is not applicable. Select continue.
- Grant API Access: It is important to grant API Access to us to allow API calls on your behalf. If this is not configured, all transactions will fail. To grant the API access do as follows:
- Go to the “Profile tab”
- Select “Profile and settings”
- Click on “My selling preferences”
- Click on update “API access”
- Click on option 1 “Grant API permission”
- Enter “paypal.merchant_api1.globalcollect.com” as Third Party Permission Username
- Click “Lookup” button. DO NOT click Cancel on this page.
- Check the boxes as indicated in the screenshot below
- Click on “Add”
-
Block Payments: There are a few payment options that should be blocked from acceptance. These options cause problems with the reconciliation of payments done by us. To block these payments :
- Go to the “Profile” tab
- Select “Profile and settings”
- Click on “My selling preferences”
- Click update “Block payments”
- Select the following options:
- Allow payments sent to me in a currency I do not hold, select the“No, refuse the payments”, so that you block the payments that are in a currency that you do not support
- Block payments from users who initiate payments from Pay anyone subtab of the Send Money tab
- Block the following payments: Pay with eCheque or German bank transfer for all website payments except eBay.
-
Multi-Currency Acceptance: you can enable additional currencies. In order to set this up, follow these steps:
- Go to the “Profile” tab
- Select “Profile and settings”
- Click on “My money”
- Click on “PayPal Balance”
- Click on “currencies” and the list of currently accepted currencies will be shown
- Select the primary currency of the account and press the “make primary” button
- Select the additional currencies that your wish to accept by choosing these currencies from the drop-down list and click the “Add Currency” button.
Do not use currency exchange. We remit funds to you in the currency of your choice.
- In case you do not longer want to accept a currency, please select that currency and click the “Close Currency” button.
- Please ensure that the balance of the account is zero before disabling the currency. If there is a balance in the system will force a currency conversion to another open currency.
- Create SFTP Access: if your account is not in one of the MAM supported countries, you will have to grant us access to reports from your account. For this purpose, you will have to create SFTP access for us. Please contact your implementation team to exchange the login details and procedure.