How-to Guide: PayPal Payflow Pro Integration Setup

The Rievent Platform eCommerce solution is integrated with PayPal via the Payflow Pro API. Transactions are processed by the Rievent Platform via PayPal-hosted secure pages, then post directly and securely to your PayPal business account.

PayPal and Rievent are Payment Card Industry Data Security Standard (PCI DSS) compliant. The Rievent Platform does not process, store, display, or log any credit card numbers.  Users enter payment information directly on PayPal hosted forms integrated into the Rievent platform user workflow.

You may be reading this document because you have been asked to provide PayPal access to the Rievent Platform.

The process is as follows and is detailed in the sections below.

  • First, open a PayPal business account and sign up for Payflow Pro by following the instructions below.
  • Next, when your Payflow Pro product is active in your account, follow the instructions to provide Rievent with a sub-account.
  • Rievent will sign in to the provided sub-account and configure API access for the Rievent Platform and configure hosted pages.
  • Finally, configure your PayPal fraud protection settings.

Step 1: Establish a PayPal Payflow Pro Account

Here is what you will do if you don’t already have a PayPal business account. First, sign up for a PayPal Business account or upgrade your existing PayPal account. During this process you will also confirm your email address, which verifies the address where PayPal can send payment receipts and account emails. Provide and confirm your bank account information, which will allow you to easily withdraw funds. Follow these steps.

  • Visit https://www.paypal.com/payflow and click the Get Started Today button.
  • Select the Payflow Pro option and complete the registration process.

Step 2: Create a PayPal Pro sub-account for Rievent

Rievent will use the new sub-account to configure hosted payment pages and API access needed for the Rievent Platform integration.  Here’s how.

  • Sign in to your PayPal Manager account at https://manager.paypal.com.
  • Select Account Administration from the top menu.
  • Under the Manage Users section, select Add User.
  • Enter the following User Information:

Contact Name: Rievent Platform
Phone: (leave blank)
Email: paypal@rievent.com
User Login Name: Rievent
User Password: Create a 10-character secure password using a combination of letters, numbers, and punctuation marks.
Select a Predefined Role: ADMIN (for setup only). After configuration by Rievent, the account role may be reduced to API_LIMITED_TRANSACTIONS.
User Status: Active

 

Step 3: Securely Provide Rievent with the Rievent PayPal Manager Account Information

Protecting your account information and password is important. Rievent will change the initial password once it has been received, as PayPal Manager requires upon first sign-in.

To securely send Rievent the sub-account credentials, place the Partner, Merchant Login, User Login Name, and Password in a password-encrypted document, then email the document to Rievent. Do not send the credentials unencrypted, and do not send the password for the encrypted document in the same email thread. In a separate email, outside of the Rievent ticketing support system, provide the encrypted document's password.
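
One way to carry out this step from a command line, shown as an added example that is not Rievent's or PayPal's own tooling. It assumes OpenSSL 1.1.1 or later and that Rievent has agreed to receive an OpenSSL-encrypted file; the function names and the environment variable name are hypothetical.

```shell
#!/bin/sh
# Added example: seal the four Step 3 fields in a passphrase-encrypted file.
# Assumption: OpenSSL 1.1.1+ (for -pbkdf2) on both the sending and receiving side.
# Note: openssl enc gives confidentiality only; it does not authenticate the file.

# seal_credentials OUTFILE
# Reads Partner, Merchant Login, User Login Name and Password from stdin
# (one per line), writes a base64-armoured encrypted file to OUTFILE and
# prints a freshly generated passphrase, which travels in a separate email.
seal_credentials() (
    out=$1
    umask 077                               # output file readable by owner only
    IFS= read -r partner  || exit 1
    IFS= read -r merchant || exit 1
    IFS= read -r login    || exit 1
    IFS= read -r password || exit 1
    CRED_PASS=$(openssl rand -base64 24) || exit 1
    export CRED_PASS                        # handed over via env, never on argv
    # The plaintext is piped straight into openssl and never touches the disk.
    printf 'Partner: %s\nMerchant Login: %s\nUser Login Name: %s\nPassword: %s\n' \
        "$partner" "$merchant" "$login" "$password" |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt -a \
            -out "$out" -pass env:CRED_PASS || exit 1
    printf '%s\n' "$CRED_PASS"
)

# open_credentials INFILE PASSPHRASE
# Decrypts to stdout; run it once before sending to confirm the round trip.
open_credentials() (
    CRED_PASS=$2
    export CRED_PASS
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -a \
        -in "$1" -pass env:CRED_PASS
)
```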

Here is what Rievent will configure for you

For your information, Rievent will configure the following settings in your manager account.

  • Allowed IP Addresses for API Access. Security is increased by designating the specific computers (IP addresses) from which transactions can be sent to the Payflow servers via the Payflow SDK or API. Using this feature ensures that no one can send transactions to the Payflow servers from an unauthorized computer. The IPs will include the production server, test servers, and developer workstations.
  • Hosted Checkout Pages. Rievent will set up the hosted checkout pages as required by the Rievent Platform. This includes all the settings necessary to integrate with the Rievent Platform. 
  • Hosted Checkout Page Header. An image is presented at the top of the page and will be created to match your web site theme.
  • Fraud Protection. Rievent will configure basic fraud protection for testing purposes. Please see your responsibilities in the section below, Security and Fraud Management.

Here is what you will configure or provide

We will take care of most of the setup and integration with the Rievent Platform. There are some items that require your attention.

Security and Fraud Management

Rievent will configure what is necessary to process transactions. You should configure the fraud management and security rules to suit your organization’s requirements.

Fraud Protection Services offer strong security that prevents fraudulent transactions. They use fraud filters, password management, allowed IPs, security audits, and advanced features such as Account Monitoring and Buyer Authentication to proactively combat all types of online theft. The fraud package, in conjunction with your Payflow service's standard security tools, offers a suite of technologies from authentication to rules engines to provide comprehensive and layered security.

Items to configure should include the following.

  • Maximum Transaction Amount: set to a value greater than the largest single transaction anticipated, providing a safe upper transaction limit. Keep in mind that there may be cases where multiple products are purchased in a single “shopping cart” transaction.
  • Country Monitor: restrict transactions to specific countries as needed.
  • AVS No Match: deny
  • Card Security (CSC) Mismatch: deny

Other filters may be configured as your organization requires. However, setting filters too restrictively may make the checkout process difficult for your users. Rievent can meet with you to review your settings prior to going live. Settings are specific to test and live modes. Test filters may be moved to live within PayPal Manager. It may be necessary to reduce filters during testing, so be sure to update any filter restrictions that were lowered in test mode.

Examples of filters include Zip Risk List Match, Total Purchase Price Ceiling, AVS Failure, CSC Failure, and Buyer Auth Failure.  

For more information, please reference PayPal documentation.

Header Artwork for Hosted Pages

The Rievent Platform seamlessly redirects users to PayPal-hosted checkout pages to meet PCI DSS security requirements. The page will not carry the same branding as the Rievent theme of your Rievent-hosted web site. A single image may be placed at the top of the page. Rievent will create an image for you based on your site’s theme. You may also provide a custom image, if desired.