To keep your payments profile secure for the protection of your customers and you, keep these security best practices in mind:
-
Never share your payments profile or merchant ID with anyone.
-
Never make a payment to Google through a third party. Always pay any balance due through your Google Account.
-
To send processing commands to Google, use an HTTPS connection secured by 128-bit Secure Sockets Layer (SSL) v3 or Transport Layer Security (TLS) connection (We donât allow SSL v2).
-
Verify the authenticity of the server certificate presented to you.
-
To get Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certificate Authority.
-
Only accept messages authenticated by HTTP Basic Authentication using your Merchant ID and merchant key as the username and password.
-
Validate messages sent to your callback URL before processing them.