
Ecommerce Forum

non profit used to screen stolen credit cards

 12:17 pm on Sep 28, 2011 (gmt 0)

Our non-profit website was recently the victim of a stolen credit card verification scam. Over several days we received many donations that were processed through our PayPal Pro account. Most of these transactions were rejected, but a non-insignificant number were approved. We are hoping to learn from this and prevent it in the future (although our PayPal account has been locked and we are not sure when, if ever, we may be allowed to resume). How is it possible that false data is entered on our site yet the transaction is approved by the PayPal gateway? Looking at the person's name and address, it is obvious that they are not valid, and most of the successful transactions come back with AVSCODE of N, which should have caused the transaction to fail. Any information on how we may prevent this in the future, and explanations of how it may have happened, would be appreciated.
Thank you



 12:48 pm on Sep 29, 2011 (gmt 0)

Welcome to WebmasterWorld!
Unfortunately, I don't have a solution for you. It's something that happens. But I expect a few of the more seasoned online sales vets might have something more to offer.


 3:44 pm on Oct 1, 2011 (gmt 0)

"and most of the successful transactions come back with AVSCODE of N, which should have caused the transaction to fail."

That means the transaction should have been declined by your cart code, and you need to fix the code.

N is documented by PayPal as "The transaction is declined".


 10:21 am on Oct 3, 2011 (gmt 0)

We were displaying a failure code, but we were also getting
<ACK>Success</ACK>, and the transaction was processed on the PayPal end.


 12:45 pm on Oct 3, 2011 (gmt 0)

In the response array you should be checking the AVSCODE and CVV2MATCH fields also.

And what was the setting of PaymentAction? Just make sure it is "authorization" and not "sale", because it seems you set it up to make the whole capture automatic, and that could be the reason.



 12:58 pm on Oct 3, 2011 (gmt 0)

We are using payment type "Sale" in our doDirectPayment call. From the link provided, we are using:
"During a traditional sale at PayPal, the authorization and capture action is completed simultaneously"
The AVSCODE is N, and CVV2MATCH is M.
It was our understanding that, doing the authorization and capture method, if the transaction was rejected for any reason the funds would not be transferred and we would get an ACK of Failure.
Thank you for your help


 2:15 pm on Oct 3, 2011 (gmt 0)

Yes, some of the specs do not clarify the paymentaction enough, and it can be incorrectly set. Typically I will set it to authorization unless I am 100% sure buyers are legit.


 2:48 pm on Oct 3, 2011 (gmt 0)

Thank you. So you will set it to authorize, then if everything comes back looking good you then capture the funds?


 3:18 pm on Oct 3, 2011 (gmt 0)

Yes, there should be an option via the PayPal cpanel to review the transactions.


 3:49 pm on Oct 3, 2011 (gmt 0)

Thank you for your help. Should PayPal re-activate our account, we will follow your recommendation.


 4:37 pm on Oct 3, 2011 (gmt 0)

Plus, you should look into blocking the IP address or range where the transaction originated from.
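
The check the replies describe (authorize first, then inspect AVSCODE and CVV2MATCH even when ACK is Success before capturing), sketched in Python as an added example that is not part of the thread or PayPal's own code. The allowlists, the function names and the sample response bodies are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Assumed merchant policy, not PayPal defaults: capture only on these results.
ACCEPT_AVS = {"X", "Y"}   # assumption: street address and ZIP both matched
ACCEPT_CVV2 = {"M"}       # M is the CVV2 value the thread reports as a match

def parse_nvp(body):
    """Decode a URL-encoded name-value response body into a flat dict."""
    pairs = parse_qs(body, keep_blank_values=True)
    return {name.upper(): values[0] for name, values in pairs.items()}

def decide(resp):
    """Return (action, reason) for one authorization response."""
    ack = resp.get("ACK", "")
    if ack not in ("Success", "SuccessWithWarning"):
        return ("reject", "ACK=%s" % ack)
    # As the thread shows, ACK=Success can arrive together with AVSCODE=N,
    # so the card checks are evaluated here rather than inferred from ACK.
    avs, cvv = resp.get("AVSCODE", ""), resp.get("CVV2MATCH", "")
    if avs not in ACCEPT_AVS:
        return ("void", "AVSCODE=%r fails policy" % avs)
    if cvv not in ACCEPT_CVV2:
        return ("void", "CVV2MATCH=%r fails policy" % cvv)
    return ("capture", "AVS and CVV2 checks passed")

def triage(bodies):
    """Group transaction IDs by the action the policy assigns them."""
    result = {"capture": [], "void": [], "reject": []}
    for body in bodies:
        resp = parse_nvp(body)
        action, _reason = decide(resp)
        result[action].append(resp.get("TRANSACTIONID", "(none)"))
    return result

# Constructed sample responses (not real transactions).
SAMPLES = [
    "ACK=Success&AVSCODE=N&CVV2MATCH=M&TRANSACTIONID=EXAMPLE-1&AMT=5%2e00",
    "ACK=Success&AVSCODE=Y&CVV2MATCH=M&TRANSACTIONID=EXAMPLE-2&AMT=25%2e00",
    "ACK=Success&AVSCODE=X&CVV2MATCH=N&TRANSACTIONID=EXAMPLE-3&AMT=1%2e00",
    "ACK=Failure&L_SHORTMESSAGE0=Constructed%20decline",
]

if __name__ == "__main__":
    for action, ids in triage(SAMPLES).items():
        print(action, ids)
```

Only the transactions in the "capture" group would go on to be captured; the "void" group holds authorizations to release without taking funds.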
