homepage Welcome to WebmasterWorld Guest from 54.204.142.143
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
non profit used to screen stolen credit cards
HudsonKane




msg:4368228
 12:17 pm on Sep 28, 2011 (gmt 0)

our non-profit website was recently the victim of a stolen credit card verification scam. Over several days we received many donations that were processed through our paypal pro account. Most of these transactions were rejected, but a non-insignificant number were approved. We are hoping to learn from this and prevent it in the future (although our paypal account has been locked and we are not sure when if ever we may be allowed to resume). How is it possible that false data is entered on our site yet the transaction is approved by the paypal gateway? looking at the persons name and address it is obvious that they are not valid, and most of the successful transactions come back with AVSCODE of N, which should have caused the transaction to fail. Any information on how we may prevent this in the future, and explanations of how it may have happened would be appreciated.
Thank you

 

lorax




msg:4368706
 12:48 pm on Sep 29, 2011 (gmt 0)

Welcome to WebmasterWorld!
Unfortunately, I don't have a solution for you. It's something that happens. But I expect a few of the more seasoned online sales vets might have something more to offer.

enigma1




msg:4369543
 3:44 pm on Oct 1, 2011 (gmt 0)

and most of the successful transactions come back with AVSCODE of N, which should have caused the transaction to fail.

That means the transaction should been declined from your cart code and you need to fix the code.

N is documented from Paypal "The transaction is declined"

HudsonKane




msg:4370030
 10:21 am on Oct 3, 2011 (gmt 0)

we were displaying a failure code, but we were also getting
<ACK>Success</ACK>, and the transaction was processed on the paypal end.

enigma1




msg:4370061
 12:45 pm on Oct 3, 2011 (gmt 0)

In the response array you should be checking the AVSCODE and CVV2MATCH fields also.

And what was the setting of PaymentAction? Just make sure it is "authorization" and not "sale" because it seems you set it up to make it the whole capture automatic and could be the reason.

https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_authcapture

HudsonKane




msg:4370063
 12:58 pm on Oct 3, 2011 (gmt 0)

we are using payment type "Sale" in our doDirectPayment call, from the link provided we are using:
"During a traditional sale at PayPal, the authorization and capture action is completed simultaneously"
the AVSCODE is N, and CVV2MATCH is M
It was our understanding that doing the authorization and capture method, if the transaction was rejected for any reason the funds would not be transferred and we would get an ACK of Failure
Thank you for your help

enigma1




msg:4370083
 2:15 pm on Oct 3, 2011 (gmt 0)

Yes some of the specs do not clarify the paymentaction enough and can be incorrectly set. Typically I will set it to authorization unless I am 100% sure buyers are legit.

HudsonKane




msg:4370100
 2:48 pm on Oct 3, 2011 (gmt 0)

thank you, so you will set to authorize, then if everything comes back looking good you then capture the funds?

enigma1




msg:4370105
 3:18 pm on Oct 3, 2011 (gmt 0)

yes there should be an option via the paypal cpanel to review the transactions.

HudsonKane




msg:4370122
 3:49 pm on Oct 3, 2011 (gmt 0)

thank you for your help. should paypal re-activate our account we will follow your recommendation.

Habtom




msg:4370147
 4:37 pm on Oct 3, 2011 (gmt 0)

Plus, you should look into blocking the IP address or a range where the transaction is originated from.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved