How do you handle fraud and compliance?
Here is a list of our responsibilities. If you sell using a payment provider, rather than a Merchant of Record like us, please note that you must handle all of this yourself if you want to comply with the local laws enacted in Europe, Australia, South Africa etc.
We use 3 layers to protect against fraud: our payment providers, 3rd party software and our own proprietary algorithms.
Firstly, we use several payment providers in the background to process customer transactions, including PayPal and card providers. They have excellent built-in anti-fraud solutions, which we use to protect you.
Secondly, we use various 3rd party anti-fraud software tools to ensure Paddle is secure and to prevent fraud or malicious checkout activity.
Finally, we maintain our own anti-fraud algorithm on top of the first 2 layers, specifically designed for the needs of software sales. We allocate a fraud score to every single transaction that goes through our system. This score represents the likelihood that the transaction is a case of card misuse or fraud, and takes into account lots of real-time factors, such as recent card transactions that appear fraudulent, use different cardholder names or appear in different locations.
A transaction with a high score will be flagged for manual review by our fraud team. This freezes the transaction and the funds until a decision has been made.
We never view or store any customer’s full credit or debit card details on our platform. Paddle uses a number of Payment Card Industry (PCI) compliant providers to process credit and debit card transactions and, as an additional security measure, uses a third-party tokenisation service as a layer between Paddle and the providers.
We are PCI compliant and adhere to the Payment Card Industry Data Security Standard. As set out above, all credit card transactions are handled on our behalf by PCI compliant providers.