PayPal Introduces Open API
m2pc writes "PayPal has just announced the availability of their Open API under the 'PayPal X Program.' This enables developers to integrate PayPal payment processing services without forcing users to redirect to PayPal's website to enter payment information. This new initiative is designed to allow the company to better compete with the likes of Google and Amazon, which offer similar services. I wonder how much they paid for their domain: x.com?"
As a Developer (Score:2)
Re: (Score:2, Insightful)
As a developer, I'll be avoiding this like the plague.
Why on earth would I want to add the burden of handling and protecting sensitive financial information when I can just send the user to a website they are familiar with to complete the transaction? No credit card numbers in my DB to steal, added trust for the user - this API seems like fail-fail.
Re: (Score:1, Insightful)
Re:As a Developer (Score:5, Informative)
Why on earth would I want to add the burden of handling and protecting sensitive financial information when I can just send the user to a website they are familiar with to complete the transaction? No credit card numbers in my DB to steal, added trust for the user - this API seems like fail-fail.
If you're storing credit card numbers, you're doing it wrong. Here's how it should happen:
The only storage of sensitive information that goes on is inside the server's RAM and it gets discarded from RAM once the transaction concludes.
Re:As a Developer (Score:4, Insightful)
Re: (Score:2)
The problem here is if I'm not redirected to PayPal, I'm offering up my PayPal authentication information to a third party in the hope that they're going to use it for the transaction I've authorized and nothing else.
If you give your PayPal credentials to a third party and not to a PayPal URL, then yeah... you'll get hacked. No different than a site claiming to support Facebook Connect but showing its own login window instead of Facebook's login window. Or like any OpenID-enabled website. If it doesn't redirect you to the authoritative site [openid.net] you claim to be using, you're screwed.
Other payment services years ahead of pp (Score:2)
Other services, like moneybookers [moneybookers.com], have had public APIs [moneybookers.com] for years. IIRC the moneybooker's one has been around since 2004. There are even development accounts that can be set up for testing and several levels of detail or complexity.
I'm not sure what the slashdot editors' fascination with paypal [paypalsucks.com] is about. A quota to peddle 'news' about M$ partners?
Re: (Score:2)
Re: (Score:2)
It also looks like you're an idiot. The difference is, of course, that you actually are.
Re: (Score:2)
API??? (Score:5, Insightful)
Another Price Increase
Re: (Score:2)
@click2005: "Another Price Increase"
Yep. A pack of gangsters just created some technology. Great.
one-letter domain? (Score:2, Interesting)
Since when are 1-letter second-level domains allowed? I thought it was limited to two letters and up.
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Re:one-letter domain? (Score:4, Informative)
Re:one-letter domain? (Score:5, Informative)
PayPal has always owned it:
The current incarnation of PayPal is the result of a March 2000 merger between Confinity and X.com. X.com was founded by Elon Musk in March 1999, initially as an Internet financial services company. Both Confinity and X.com launched their websites in late 1999.
http://en.wikipedia.org/wiki/PayPal [wikipedia.org]
Re: (Score:2)
PayPal has always owned it:
The current incarnation of PayPal is the result of a March 2000 merger between Confinity and X.com. X.com was founded by Elon Musk in March 1999, initially as an Internet financial services company. Both Confinity and X.com launched their websites in late 1999.
http://en.wikipedia.org/wiki/PayPal [wikipedia.org]
That doesn't add up. According to this [wikipedia.org] article the existing single-letter second-level domains were all registered before 1993, as in 1993 IANA reserved the remaining domains. Originally x.com was owned by Weinstein & DePaolis. Some half assed googling led me to this [depaolis.com], which isn't much. And a quick whois [www.who.is] showed that they also own x.cx, judging by the email used.
Re: (Score:2)
Re: (Score:2, Interesting)
x.com used to be an on-line bank. It was founded sometime around 2000. They were originally competition for PayPal: their tagline was basically, "you can e-mail money."
When they first started, if you opened an account with them, they actually gave you $20 for free and mailed you a debit card. The only problem with their system is that they didn't own any ATM's and you had to mail in deposits (or do direct deposit via ACH.) So it didn't last very long. They eventually got bought out by PayPal, and so now Pay
Re: (Score:2)
That's the Nigerians' tagline too.
Re:one-letter domain? (Score:5, Funny)
I heard it used to belong to some ridiculous group claiming ufo defense or something.
Re: (Score:2)
I heard it used to belong to some ridiculous group claiming ufo defense or something.
SpaceX?
Re: (Score:2)
Weren't those the crazies that, when faced with increasing ridicule, changed their story to be something about some unnamed terror, from the deep or something?
Last I heard they were just outright babbling about the apocalypse. Haven't heard anything in years though. I kinda miss them, in a go-crazy-and-shoot-all-my-friends-with-a-guided-rocket-launcher kinda way.
Re:one-letter domain? (Score:4, Informative)
Archive.org has the whole history of the site:
http://web.archive.org/web/*/http://www.x.com [archive.org]
Before 2000, it was owned by Rob Walker, then purchased by a company named x.com, which became Paypal:
http://web.archive.org/web/20000520015239/http://www.x.com/ [archive.org]
Re: (Score:2)
Re: (Score:2)
Since ever? X.org [x.org] for example has been around quite awhile.
Re: (Score:1, Funny)
Re: (Score:3, Funny)
Slashdot already owns /.org but it's a real bitch to get browsers to recognize the URL.
Actually... (Score:2)
Opera brings you to Slashdot if you simply type /. in the address window.
Try it!
Re: (Score:2)
I did not know that! Thanks for the tip.
Re: (Score:2)
Re: (Score:2)
The single letter .COM/.ORG/.NET domain prohibition was enacted prior to the existence of ICANN, however, existing single letter registrations were grandfathered in and were able to be kept. No exceptions have been granted after the prohibition started.
Re: (Score:2)
On December 1, 1993, the Internet Assigned Numbers Authority (IANA) explicitly reserved the remaining single-letter and single-digit domain names. The few domains that were already assigned were grandfathered in and continued to exist.
Among the list of grandfathered-in domains was x.org.
Um...guys.... (Score:4, Interesting)
Re: (Score:2)
Ditto, I also have integrated with that service, so this seems like a non-story, maybe a different rate schedule if anything.
"Website Payments Pro" https://www.paypal.com/uk/cgi-bin/webscr?cmd=_dcc_hub-outside [paypal.com]
Re: (Score:2)
Re:Um...guys.... (Score:4, Interesting)
Re: (Score:2)
The existing Paypal Payments Pro API is as you describe (though it's $30/mo now) and it does let you accept credit cards on your site directly. The new API lets you do some more sophisticated things on the back end (like Amazon FPS currently does) including splitting payments among multiple receivers or making payments to many receivers at the same time. There is also micropayment support.
The limitation that I see at the moment is that the new API only lets you make payments with a paypal account - you can'
Paypal was originally x.com (Score:5, Informative)
Paypal has owned the x.com domain since before they were paypal (check wikipedia), so while x.com probably wasn't super cheap back in 1999, it's not like they just purchased it.
Re: (Score:2)
Re: (Score:2)
I still have my old x.com credit card. It's a great geeky X-Com commemorative, even though it has nothing to do with the game. :-D
Re: (Score:2)
Years ago, I used to go to paypal by going to x.com. It was so much shorter to type and it just redirected for me to paypal.com. Then they made it the "labs" site and my shortcut was ruined.
Re:Paypal was originally x.com (Score:4, Interesting)
X.com was one of the companies that merged to form PayPal. They epitomized the bubble "land grab" mentality by giving away free money to attract customers.
I still have a check for $0.01 sent to me (for no obvious reason) by "PayPal's X.com" during the bubble days. It's such a perfect metaphor for the stupidity of that era that I just had to save it and frame it.
I wonder what PCI implications this will have. (Score:3, Insightful)
A lot of companies expend a great deal of resources in order to conform to PCI-DSS. The need for extensive testing, Web App Firewalls and the like is a pricey and time-consuming activity for merchants dealing with PCI. When seasoned developers often forget to mask PANs, I wonder what the novice developer will do. I hope that this service will include some PCI guidelines so small merchants won't get bit in the ass by the certification bug.
redirect is better (Score:5, Insightful)
I personally LIKE the redirect. I LIKE only inputting my credit card/whatnot information to paypal.com directly, instead of some random site that I'm doing a one-time transaction with and will probably never see again.
Re:redirect is better (Score:5, Insightful)
there is a solution (Score:4, Funny)
We have a site that can ease your mind about such transactions, and we can even alert you to suspicious activity! Kindly provide the following information and our salespeople will get you set up:
Name:
Paypal Username:
Paypal Password:
Social Security Number:
Re: (Score:2, Informative)
Sort of off topic, but something that might interest you if you haven't seen it before is a feature Citi offers with their credit cards called virtual account numbers [citicards.com]. Basically, it allows you to generate different numbers that point back to your real account and are only good for one use. You can also limit the amount of time they're active as well as put a cap on how much money can be drawn from it. Pretty cool.
Re: (Score:1)
Re: (Score:1)
The same feature was offered on MBNA cards as well, and afaik is still there post-acquisition (by BoA). I think Discover has virtual numbers too, and probably AmEx should also be having something similar.
The unfortunate part is that there are some caveats to the 'one time use only', or at least in MBNA's case there were stories of people who got charged on the number months after their initial purchase - unfortunately I don't really remember much about that, never used them much myself anyway.
Re: (Score:2, Insightful)
+1 post; allowing website owners to directly process user/pass info for PayPal is potentially a dangerous move if all sorts of security audits/nefarious site owners are processing login info. There's definitely potential for abuse because the redirect kept the user/pass separate from the app processing. We implemented SSO handling via CAS because we could train users never to type in their user/pass on any site except for sso.bigcompany.com.
Further, even banks require all sorts of audits if a website is han
Re:redirect is better (Score:4, Insightful)
Not to mention, there'll be a whole host of XSS crap going on so that sites can grab your login information to Paypal from their website. After all, their site has to include the paypal stuff in it, who's to say that "submit" button isn't "send us and paypal your login"?
If using Paypal, I expect to visit Paypal's site to log in. (There were some XSS used to get the site's inventory into Paypal, but that's a different issue, and it happens before login).
My Paypal information is valuable - I don't want to trust some oddball website with it. I hope there's a "Redirect to Paypal" link I can use instead of this stuff...
Re: (Score:2)
Totally agree with you here. It felt weirder ordering off Dell.com than it did DealExtreme.com. I was expecting redirects to a secure site for payment.
Re:redirect is better (Score:4, Insightful)
Re: (Score:2)
There is no reason you can't have both, and just let the consumer decide. Believe it or not, there are cases where the consumer would rather not leave the site.
For instance, when our customers wanted a refund from us, we had to tell them to make the request through Pay Pal first (at least, at the time that was the case, I don't know if it still is the case now), and then we would issue the refund as soon as we saw the request come in. We couldn't initiate that request ourselves.
This really didn't sit well
Re: (Score:2)
As a paypal user from the other side, I like the redirect because it means I never see customer credit cards, so I don't have to deal with that level of security concerns...
Re: (Score:2)
Indeed. The Dutch payment system "iDeal" works like this, you are redirected to your own bank site. And make a payment from there. I know that under the hood there are XML files exchanged with no sensitive information, and I enjoy the protection of my own bank. I don't even need to have an account at a 3rd party (like paypal).
It works great, many sites support the payment option (webshops, WoW, ...) and it feels really secure. Just a shame steam doesn't support it yet.
Bummer! (Score:5, Insightful)
Re:Bummer! (Score:5, Informative)
You're kidding, right? Did you just call PayPal a reputable company? You clearly haven't had an account seized for no particular reason... or the various other nefarious shit they're known for.
Re: (Score:2)
Right - but it's better Paypal than an eBay seller, or Paypal plus a random site, right?
Poor choice of words... (Score:5, Insightful)
He meant greedy business entity strongly financially motivated to avoid any uncontrolled release of your information.
PayPal very diligently acts to protect their bottom line. You may not like their policies on withholding balances, but that same financial diligence also goes in to maintaining security to prevent the huge financial losses that would occur should the public no longer perceive paypal as secure.
Re: (Score:2)
Re:Bummer! (Score:4, Funny)
They are a reputable company, in that they have a reputation.
Re: (Score:2)
You clearly haven't tried to manage fraud on more than 70 million active accounts. Anybody that's had a high school statistics class will tell you that some innocent people are going to get caught in the net. Of course, it's not perfect. It never will be. Neither is the Visa fraud system that denies charges that it deems to be "out of character" for your habits. But I don't see you bitching that Visa won't let you buy a lifetime subscription to your favorite monkeyporn site.
My point is that, PayPal gets a b
Re: (Score:1)
Better the evil you know than the evil you don't and the evil you know, mate. Think about it for a moment.
But, if it's an evil I do know that decides to change into an evil that I don't know, then I would be dealing with an evil that I know but really don't know - think about that for a moment.
x.com (Score:2, Informative)
They didn't pay anything for x.com. They were x.com originally.
Re: (Score:2)
Re: (Score:1)
Security? (Score:4, Insightful)
This is sad news for me personally.
I always liked that I got redirected to PayPal.com to enter my PayPal details. Allowing me to check the SSL certificate and avoiding certain kinds of phishing fraud. Plus keeping my login details out of the hands of third parties who might enjoy looking at my payment history (which I agreed to in line 9999 subsection 5, amendment 3 of the T&C).
Ironically, while PayPal moves away from a redirection system, the big credit card companies (VISA, Mastercard, etc) are moving into one. Now often bringing up a password page operated by your CC company in order to verify that you haven't stolen card details.
Re: (Score:2)
As a representative of one burned by PayPal (Score:2)
It'll be a cold day in hell before they see any utilization by any of the companies I work for or service.
They could be the last financial institution on the planet. I and some of the people I work for would revert to a barter economy first.
Re: (Score:1)
Re:As a representative of one burned by PayPal (Score:4, Informative)
Re: (Score:1)
Re: (Score:2)
Well, if you're looking for a way to receive money from your customers, there's always esellerate [esellerate.net].
(I'm not affiliated with them, just a happy customer.)
Re: (Score:2)
2co.com ?
Re: (Score:2)
Speaking as someone in the industry... there's a lot of reasons. The barriers to entry are extremely high (and that's before you realize that your competition is a multi billion dollar giant with massive market and mindshare), there's a huge amount of legal BS that you have to deal with, and the banking industry is painfully slow and outdated to work with.
I AM surprised that other payment gateways don't do more in consumer-facing work, but there's plenty of very good reasons that they'll be staying strictl
Re: (Score:2)
Re: (Score:2)
I can send money to a private individual easily
Sure, and the bank charges you out the ass for the convenience. Kinda like ATMs... there's no excuse for $3.00 "convenience" fees when they used to be free! Except for the fact that, well, they can.
Re: (Score:2)
Re: (Score:2)
In the States we have Credit Unions (not sure if you have them in the UK) that operate in a similar fashion. It's the larger commercial banks that are by far the worst practitioners of fees-as-revenue-model. Which naturally makes no sense, since the larger banks presumably have more ATMs (so less out-of-network transactions) and a larger capital base to fill their coffers.
We only put up with it because they put chemicals in our water that make us lazy.
No parking. (Score:4, Funny)
I wonder how much they paid for their domain: x.com?
It's variable.
This is a bad idea because... (Score:5, Insightful)
Re: (Score:3, Informative)
Re: (Score:1)
Well, that sucks for people that trusted Paypal to begin with.
Re: (Score:2)
Critical missing piece (Score:2)
Nifty, but I'm waiting for the day that they announce good customer service.
(Although I believe they're lifting the ban on adult content sites, so that's good.)
You have a short memory... (Score:1)
Re: (Score:2)
You'd be surprised if they paid more than a four-figure sum for the domain? Valuable domains sold in the millions in the late 90s, and that was oct 1999, only a few months away from the peak of the dot-com bubble. I can't find data on how much x.com was sold for, but for some examples selling in the millions in '99, look at altavista.com, autos.com, business.com--and I'm only at the start of the alphabet there.
Anyway, this is kind of an unimportant point to make, but the irony of saying someone else has a
where is (Score:1)
There goes all the conditioning... (Score:2, Insightful)
I have spent the better part of my digital life convincing people that Paypal credentials should ONLY be provided when on Paypal.com, when you have a nice SSL certificate showing Paypal, Inc. and the like.
Granted you could place your credentials on retailer sites through existing APIs but most retailers recognized the need for consistency and helped condition Paypal users to expect to be taken to Paypal.com to complete the transaction and then back to the retailer site.
I agree, the chances of phishing succe
thanks sirs - exciting news (Score:3, Funny)
Dear Sirs,
These are great news that promise increased effectiveness and efficiency in money transfers for humble users from Nigeria.
Additionally, if you could assist me in transferring some funds from our deceased noblemen, you will truly be awarded.
Yours Faithfully,
Dr. Akeem Biobaku
Security risk? (Score:2, Insightful)
The new PayPal APIs allow developers to engage customers directly within their own applications rather than forcing them to port users off to the actual PayPal site. Users who don't even use PayPal can actually sign up for PayPal within the third-party application and begin making PayPal payments seamlessly from within the third-party application.
So now you're relying on a third party application running on your vendor's website to not secretly cubbyhole a copy of your PayPal password as you use the th
x.com? (Score:2)
Hey, whatever gets us more page views.
(If you haven't been to http://x.org/ [x.org] , you might not get the joke.)
Re: (Score:2)
x.com (Score:1)
Hasn't PayPal always owned x.com? if I recall, you used to access the website at paypal.x.com and it wasn't until a few years ago that they started using paypal.com.
It's like banking, without consumer protections. (Score:2)
PayPal calls this WebSite Payments Pro. [paypal.com] They don't use the word "Open", at least not to developers.
What they are offering is essentially the same thing banks offer as "merchant accounts" that connect to "shopping cart" programs. But, this being PayPal, without all the consumer protections that banks are required to provide. I've been reading through the documentation, and there's no sign of all the security requirements Visa imposes on merchants.
(Well, actually there is [paypal.com] - under "Legal Agreements, E
Re:It's like banking, without consumer protections (Score:2)
There seems to be a contradiction in PayPal's descriptions of the program. On the main summary page they say of Express Checkout, "Your customer chooses to pay with PayPal by entering their email address and PayPal password, without leaving your website." However, in the section on Express Checkout all the flow diagrams show the customer clicking on a button which redirects them to the PayPal website, where they enter their login and password, as is currently the case.
I'm inclined to believe that the curren
I really hope they thought about it, a long time (Score:2)
I hate posting 2 line messages but if you look at http://www.phishtank.com/ [phishtank.com] which the data is community provided/validated and open, I have real bad feelings about the upcoming API. Hopefully they don't trust the general public to know what an API is while they keep clicking the links on spam mails they get.