Security best practices

    To keep your payments profile secure for the protection of your customers and you, keep these security best practices in mind:

    • Never share your payments profile or merchant ID with anyone.

    • Never make a payment to Google through a third party . Always pay any balance due through your Google Account .

    • To send processing commands to Google, use an HTTPS connectionsecured by 128-bit Secure Sockets Layer (SSL) v3 or Transport Layer Security (TLS) connection (We don’t allow SSL v2).

    • Verify the authenticityof the server certificate presented to you.

    • To get Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certificate Authority.

    • Only accept messages authenticated by HTTP Basic Authentication using your Merchant ID and merchant key as the username and password.

    • Validate messages sent to your callback URLbefore processing them.

    Need more help?

    Try these next steps:

    Contact us Tell us more and we’ll help you get there
    true
    Payments center updates

    Welcome to the new Google payments center help experience! You can now find support for both sellers and business consumers in one place. Learn more about what’s new .

    Enable Dark Mode
    Search
    Clear search
    Close search
    Google apps
    Main menu
    15921375659410868685
    true
    Search Help Center
    true
    true
    true
    true
    true
    1633573
    false
    false
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: