Question: Please answer each part in 400-500 words.
For a payment processing site, such as PayPal, security is of utmost importance. In PayPal, more than 12 million payment transactions are processed on a daily basis, and this number rises to 15 million during peak days. Nowadays, PayPal has implemented a new and advanced approach to catching bugs and vulnerabilities in its website. This security feature was an add-on to a committed team of more than 2000 anti-fraud specialists who are responsible for taking care of the perimeter security. Each customer account and payment transaction was monitored by the organisation 24/7 to guard against fraudulent activity, email phishing and loss of identity. Moreover, security was also ensured by maintaining every communication between servers on SSL. However, in the case of any flaw in any of these security features, an alarm should be raised.
Now, PayPal has contacted and assigned members who can work on a bonus basis for the website security. These security researchers, who are paid for identifying the bugs and possible vulnerabilities in PayPal's website, are known as bounty hunters. "There are a lot of security researchers, there are a lot of other people out there who are experts on security. We have a very successful bug bounty program, where researchers will find a vulnerability on our sites that we've missed," explains Shivananda.
Every bug spotter looks for his/her benefit in identifying bugs. Therefore, PayPal rewards these bounty hunters with the designation of a hero, and their achievements are portrayed on the Wall of Fame. In monetary terms, a huge amount is paid to them.
PayPal pays $10,000 (about ₹6.5 lakh) for identifying a remote code execution vulnerability. In this case, the spotter of an authentication bypass vulnerability will get $3000 and the one working on a cross-site scripting error would get $750.
Many companies such as Facebook and eBay have involved the community for high-level security. Let's understand the manner in which the bug bounty program introduced by PayPal works. First, a security researcher enters and submits a security bug on the PayPal portal. On its completion, the security professionals working at PayPal test that vulnerability and check whether or not it is a real issue. They also understand the fixes and communicate to the researcher saying, "Yes, what you've submitted is a genuine issue. Thank you for that. We're processing it, and as we process it, we'll come back to you," said Shivananda. After the bug is successfully closed, security researchers are entitled to compensation from PayPal.
The following vulnerabilities are out-of-scope for PayPal:
Vulnerabilities based on social engineering techniques
Vulnerabilities based on brute force
The main objective of a payment processing company is to serve customers innovatively in 200 markets while keeping losses to a third of one percent. Along with this, a huge amount of creativity has to be brought in designing the fraud eco-system.
PayPal invests a lot of resources in analysing the transactions and account details, and in ensuring that no fraudulent transaction is completed on its website. In fact, it's surprising that PayPal has the lowest loss rate in the payment industry, at one-third of one percent. The combination of machine learning and data sciences on the massive data sets helped PayPal to attain the position where it can assure the customers regarding the safety of their transactions.
"A loss rate of one-third of one percent is something we can brag about in the industry," beams Shivananda.
Ques a. Why did PayPal think of hiring bounty hunters?
Ques b. What type of issues can be faced by PayPal if there is some sort of security lapse in the customer payment transactions?
