Security best practices

To keep your payments profile secure for the protection of your customers and yourself, bear these security best practices in mind:

  • Never share your payments profile or merchant ID with anyone.

  • Never make a payment to Google through a third party. Always pay any balance due through your Google Account.

  • To send processing commands to Google, use an HTTPS connection secured by a 128-bit secure socket layer (SSL) v3 or a Transport Layer Security (TLS) connection (we don't allow SSL v2).

  • Verify the authenticity of the server certificate presented to you.

  • To get Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major certificate authority.

  • Only accept messages authenticated by HTTP basic authentication using your merchant ID and merchant key as the username and password.

  • Validate messages sent to your callback URL before processing them.

Need more help?

Try these next steps:

Contact us Tell us more and we’ll help you get there
true
Payments centre updates

Welcome to the new Google payments centre help experience! You can now find support for both sellers and business consumers in one place. Learn more about what's new.

Search
Clear search
Close search
Main menu
9170735655650686281
true
Search Help Centre
true
true
true
true
true
1633573
false
false