The Secure Payment Profile Webform allows your customers to create their own Secure Payment Profile. This link can be shared publicly—such as on your website or via email—and when doing so, we strongly recommend that you implement safeguards to prevent malicious intent.
Educating yourself on available options to secure your Payment Profile Webform will help you understand best practices and how to balance security with your business needs.
Must know:
- You must have the Secure Payment Profile feature enabled on your account.
- You’ll need web development knowledge or assistance from a web developer.
What tools can I use to secure my Payment Profile Webform?
If you are adding the link to your website, you can:
- Implement a CAPTCHA to be required before the customer is redirected to the profile webform; this will ensure a human—and not a robot—is creating a legitimate payment profile, as well as mitigate any scripted attacks.
- Require that consumers complete some type of registration before creating a payment profile. This login “wall” can deter malicious use.
- Enforce IP and geolocation restrictions, or other enforced checks. You can track who is accessing your website and from which location, which can be especially useful if you only sell your services or products to consumers in specific areas. Filtering out ineligible users can tighten access privileges.
- Research web developers and security professionals to see if there are other options available to your business website.
Within the Portal you can:
- Add additional restrictions within Payment Profile Configuration (configuration > payment profile configuration).
Good to know:
- As a business owner, it’s up to you to enable fraud/risk tools to secure your account.
- If you experience a scripted attack through the Payment Profile Webform, you can stop it by changing the hash key for your web form within Payment Profile Configuration (configuration > payment profile configuration).