Card vaulting
When a shopper vaults—or “saves”—their credit card information for future purchases in your stores, minimal credit card information is shared with the shopper (last four digits, card expiration date, and brand of card). Credit card information is stored with the payment provider. When a card expires, or they no longer need the information saved, they can delete that token so that the information is no longer stored by the payment provider.
See Credit card vaulting for more information.
PayPal payment buttons
With PayPal payment buttons, no PCI-regulated data is passed across your services. You don’t have to store or maintain that data, which vastly reduces PCI compliance concerns.
For security reasons, PayPal does not pass the billing address during checkout—country, email, and name is the only billing information used. You can optionally enable your site’s PayPal checkout to return the complete billing address by contacting PayPal and completing a vetting process.
PayPal also has integrated fraud protection that uses machine learning to help you fight fraud. See PayPal’s Seller Protection documentation for more information.
Fraud protection
You can enable automated fraud protection for Payment Services with the Signifyd extension. See Signifyd fraud protection for more information.
PayPal provides other options for fraud protection in their developer documentation:
- See Fraud protection advanced for more information.
- See Chargeback protection for more information.