Card vaulting

When a shopper vaults—or “saves”—their credit card information for future purchases in your stores, minimal credit card information is shared with the shopper (last four digits, card expiration date, and brand of card). Credit card information is stored with the payment provider. When a card expires, or they no longer need the information saved, they can delete that token so that the information is no longer stored by the payment provider.

See Credit card vaulting for more information.

PayPal payment buttons

With PayPal payment buttons, no PCI-regulated data is passed across your services. You don’t have to store or maintain that data, which vastly reduces PCI compliance concerns.

For security reasons, PayPal does not pass the billing address during checkout—country, email, and name is the only billing information used. You can optionally enable your site’s PayPal checkout to return the complete billing address by contacting PayPal and completing a vetting process.

PayPal also has integrated fraud protection that uses machine learning to help you fight fraud. See PayPal’s Seller Protection documentation for more information.

Fraud protection

You can enable automated fraud protection for Payment Services with the Signifyd extension. See Signifyd fraud protection for more information.

PayPal provides other options for fraud protection in their developer documentation:

Previous pageLevel 2 and level 3 processing
Next pageSignifyd fraud protection