Paypal 如何保护业务合作伙伴的客户数据?
如果贝宝的业务合作伙伴在其网站中使用贝宝的网络服务。如果该网络服务要求其客户的用户名和密码,那么贝宝如何保护客户的数据?业务合作伙伴?客户、贝宝及其客户之间如何进行肥皂交易商业伙伴?
If business partner of paypal using paypal's web service in its website.If the web service is asking for username and password of its customer,how paypal can protect customers data from there Business partners?How soap transaction can take place between customers,paypal and its business patners?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
看来您在问两件不同的事情?但我想尝试回答这两个问题。
问题 1
如果我对您的理解正确的话,您的第一个问题是询问 PayPal 如何为客户提供保护,使其免受“业务合作伙伴”的侵害,我和 PayPal 一样,更常将其称为“商家”。
您提到“业务合作伙伴”收集的用户名和密码,所以我将首先解决这个问题。通常,用户名和密码仅由收集它们的网站保护。通常,网站的登录名和会话与 PayPal 的登录名和会话是分开的。因此,即使该网站使用 PayPal,该网站也可能不会使用 PayPal 来保护登录其自己网站的帐户凭据。
如果网站使用 PayPal 并且提示客户/用户登录其 PayPal 帐户进行付款,则凭证应仅发送到 PayPal 网站(您可以在表单操作中查找 paypal.com [查看源代码] ])。通常,客户只能通过 PayPal 提供的页面上的表单(url 中为 paypal.com)登录 PayPal。我会对任何提示用户登录其 PayPal 帐户但网址域中没有 paypal.com 的页面表示怀疑。即使是现在与 PayPal 拥有相同所有权的 eBay,也会让 eBay 用户在通过 paypal.com 提供服务的页面上输入他们的 PayPal 帐户凭据。
有多种方法可以使用 PayPal 实施付款处理。商家实施 PayPal 支付处理的常见方式是让客户仅将信用卡信息输入 PayPal 服务器。这是 PayPal 保护客户免受业务合作伙伴/商家侵害的方法之一。当 PayPal 收集客户的信用卡信息时,PayPal 不会与商家共享该信用卡信息。仅向商家发送了解付款/交易状态所需的详细信息。
PayPal 还为客户提供另一种类型的保护。它被称为“购买保护”(以前称为“买家保护”),基本上是保证、政策、网络应用程序、组织等的组合,旨在确保买家得到他们向商家支付的费用。
另外,我想补充一点:许多商家认为信用卡信息是一种责任。有些人可能会收集信用卡信息,以便用户能够处理未来的付款而无需重新输入,但许多人根本不存储信用卡信息以避免承担责任。您绝对不应该发送未加密的信用卡信息。您可以通过检查收集信用卡信息的表单的表单操作来检查您的信用卡信息是否会加密发送。大多数浏览器都会让您知道您的信息是否通过安全性降低的协议发布,例如 HTTPS(加密)到 HTTP(纯文本),因此有时会检查当前的 url 是否足够好(尽管仍有解决方法)这)。
问题 2
SOAP 是一种数据交换协议,可用于商家(“业务合作伙伴”)和 PayPal 之间的通信。我认为客户和业务合作伙伴(商家)之间存在 SOAP“交易”(如您所述)并不常见,但从商家到 PayPal,可以使用 PayPal SOAP API。这种数据传输方法与其他方法一样安全,因为必须对通信进行加密才能连接到 PayPal 的 SOAP 服务器。请参阅PayPal SOAP API 或 SOAP 协议 了解更多信息。
It seems you are asking about 2 different things? But I'd like to try and answer them both.
QUESTION 1
If I am understanding you correctly your first question is asking how PayPal might provide protection to the customer from the "business partner," who I, like PayPal, more often call the "merchant."
You mention the username and password collected by the "business partner" so I will address that first. Usually the username and password are only secured by the site that they are collected on. Often a site will have a login and session that is separate from the login and session that is for PayPal. So, even if the site is using PayPal, the site probably does not use PayPal to secure the account credentials for the login to its own site.
If the site is using PayPal and the customer/user is prompted to log in their PayPal account to make a payment, then the credentials should only be sent to the PayPal site (you can look for paypal.com in the form action [view source]). Usually the customer will only be able to log into PayPal through a form on a page that is served by PayPal (paypal.com is in the url). I would would be suspicious of any page that is prompting the user to log into their PayPal account that did not have paypal.com in the domain of the url. Even eBay, who now is under the same ownership as PayPal, will have eBay users enter their PayPal account credentials on a page that is served through paypal.com.
There are several ways to implement payment processing with PayPal. It is common for merchants to implement PayPal payment processing in a way that has the customer enter their credit card information only to the PayPal servers. This is one of the ways that PayPal can protect the customer from the business partner / merchant. When the customer's credit card information is collected by PayPal, PayPal does not share the credit card information with the merchant. The merchant is only sent the details that are necessary to know the status of the payment/transaction.
PayPal also offers another type of protection to the customer. It is called "Purchase Protection" (formerly "Buyer Protection") and it is basically a mix of guarantees, policies, web applications, organization and more that is established to ensure that the buyer gets what they are paying the merchant for.
Additionally, I would like to add: Many merchants consider credit card information a liability. Some may collect it to provide the user with the ability to process future payments without reentry, but many simply do not store the credit card information to avoid the liability. You should never send your credit card information unencrypted. You can check that your credit card information will be sent encrypted by checking the form action of the form that is collecting your credit card information. Most browsers will let you know if your information is being posted across protocols that degrade in security, such as HTTPS (encrypted) to HTTP (plain text), so sometimes checking that the current url MIGHT be good enough (though there are still ways around this).
QUESTION 2
SOAP is a data exchange protocol that can be used to communicate from the merchant ("business partner") and PayPal. I do not believe it is common for there to be a SOAP "transaction" (as you stated) between the customer and the business partner (merchant), but from the merchant to PayPal, the PayPal SOAP API can be used. This method of data transfer is just as secure as other methods due to the fact that the communication must be encrypted to connect to PayPal's SOAP servers. See the details of the PayPal SOAP API or the SOAP protocol for more information.