The Rievent Platform eCommerce solution is integrated with PayPal via the Payflow Pro API. Transactions are processed by the Rievent Platform via PayPal hosted secure pages, then post directly and securely to your PayPal business account.
PayPal and Rievent are Payment Card Industry Data Security Standard (PCI DSS) compliant. The Rievent Platform does not process, store, display, or log any credit card numbers. Users enter payment information directly on PayPal hosted forms integrated into the Rievent platform user workflow.
You may be reading this document because you have been asked to provide PayPal access to the Rievent Platform.
The process is as follows and detailed in sections below.
- First, open a PayPal business account and sign up for Payflow Pro by following the instructions below.
- Next, when your Payflow Pro product is active in your account, follow the instructions to provide Rievent with a sub-account.
- Rievent will sign in to the provided sub-account and configure API access for the Rievent Platform and configure hosted pages.
- Finally, configure your PayPal fraud protection settings.
Step 1: Establish a PayPal Payflow Pro Account
Here is what you will do if you don’t already have a PayPal business account. First, sign up for a PayPal Business account or upgrade your existing PayPal account. During this process, you will also confirm your email address, which verifies the email address where PayPal can send payment receipts and account emails. Provide and confirm your bank account information, which will allow you to easily withdraw funds. Follow these steps.
- Visit https://www.paypal.com/payflow and click the Get Started Today button.
- Select the PayFlow Pro option and complete the registration process.
Step 2: Create a PayPal Pro sub-account for Rievent
Rievent will use the new sub-account to configure hosted payment pages and API access needed for the Rievent Platform integration. Here’s how:
- Sign-in to your PayPal Manager account at https://manager.paypal.com
- Select Account Administration from the top menu
- Under the Manage Users section, select Add User.
- Enter the following User Information:
|Contact Name:||Rievent Platform|
|User Login Name:||Rievent|
|User Password:||Create a 10 digit secure password using a combination of letters, numbers, and punctuation marks.|
|Select a Predefined Role:||ADMIN only for setup
After configuration by Rievent, the account role may be reduced to API_LIMITED_TRANSACTIONS.
Step 3: Securely Provide Rievent with the Rievent PayPal Manager Account Information
Protecting your account information and password is important. Rievent will change the initial password once it has been received as required by PayPal Manager upon first sign-in.
To securely send Rievent the sub-account credentials, place the Partner, Merchant Login, User Login Name, and Password in a password encrypted document, then email the document to Rievent. Do not send the credentials unencrypted and do not transmit the password to the encrypted document in the same email thread. In a separate email, outside of the Rievent ticketing support system, provide the encrypted document's password.
Here is what Rievent will configure for you
For your information, Rievent will configure the following settings in your manager account.
- Allowed IP Addresses for API Access - Security is increased by designating specific computers (IP addresses) from where transactions can be sent to the Payflow servers via the Payflow SDK or API. Using this feature ensures that no one can send transactions to the Payflow servers from an unauthorized computer. The IPs will include the production server, test servers, and developer workstations.
- Hosted Checkout Pages - Rievent will set up the hosted checkout pages as required by the Rievent Platform. This includes all the settings necessary to integrate with the Rievent Platform.
- Hosted Checkout Page Header - An image is presented at the top of the page and will be created to match your website theme.
- Fraud Protection - Rievent will configure basic fraud protection for testing purposes. Please see your responsibilities in the section below, Security and Fraud Management.
Here is what you will configure or provide
Rievent will take care of most of the setup and integration with the Rievent Platform, however, there are items that will require your attention.
Header Artwork for Hosted Pages
The Rievent Platform seamlessly redirects users to PayPal hosted checkout pages to meet PCI DSS security requirements. The PayPal hosted payment page will not have the same branding as your the Rievent learning activity pages. A single image may be placed at the top of the PayPal payment page site. Rievent will create an image for you based on your Rievent platform branding. You may also provide a custom image, if desired.
Security and Fraud Management
Rievent will configure what is necessary to process transactions. It is up to you to configure the fraud management and security rules to suit your organization’s requirements.
Fraud Protection Services offer strong security that prevents fraudulent transactions. It uses fraud filters, password management, allowed IPs, security audits, and advance features such as Account Monitoring and Buyer Authentication to proactively combat all types of online theft. The fraud package, in conjunction with your Payflow service's standard security tools, offers a suite of technologies from authentication to rules engines to provide comprehensive and layered security.
Items to configure should include the following.
- Maximum Transaction Amount- set to a value greater than the largest single transaction anticipated providing a safe upper transaction limit. Keep in mind, there may be cases where multiple products are purchased in a single “shopping cart” transaction.
- Country Monitor– Restrict transactions to specific countries as needed.
- AVS No Match– deny
- Card Security (CSC) Mismatch– deny
Other filters may be configured, as your organization requires. However, setting filters too restrictive may make the checkout process difficult for your users. Rievent can meet with you to review your settings prior to going live. Settings are specific to test and live modes. Test filters may be moved to live within PayPal Manager. It may be necessary to reduce filters during testing, so please be aware to update any filter restrictions lowered in test mode.
Examples of filters include Zip Risk List Match, Total Purchase Price Ceiling, AVS Failure, CSC Failure, and Buyer Auth Failure.
For more information, please reference PayPal documentation.