Security best practices

To keep your payments profile secure for the protection of your customers and you, keep these security best practices in mind:

  • Never share your payments profile or merchant ID with anyone.

  • Never make a payment to Google through a third party. Always pay any balance due through your Google Account.

  • To send processing commands to Google, use an HTTPS connection secured by 128-bit Secure Sockets Layer (SSL) v3 or Transport Layer Security (TLS) connection (We don’t allow SSL v2).

  • Verify the authenticity of the server certificate presented to you.

  • To get Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certificate Authority.

  • Only accept messages authenticated by HTTP Basic Authentication using your Merchant ID and merchant key as the username and password.

  • Validate messages sent to your callback URL before processing them.

Need more help?

Try these next steps:

Contact us Tell us more and we’ll help you get there
true
Payments center updates

Welcome to the new Google payments center help experience! You can now find support for both sellers and business consumers in one place. Learn more about what’s new.

Search
Clear search
Close search
Main menu
15887963074031519216
true
Search Help Center
true
true
true
true
true
1633573
false
false