Welcome to WebmasterWorld Guest from 54.145.44.134

Forum Moderators: buckworks

Message Too Old, No Replies

non profit used to screen stolen credit cards

     

HudsonKane

12:17 pm on Sep 28, 2011 (gmt 0)



our non-profit website was recently the victim of a stolen credit card verification scam. Over several days we received many donations that were processed through our paypal pro account. Most of these transactions were rejected, but a non-insignificant number were approved. We are hoping to learn from this and prevent it in the future (although our paypal account has been locked and we are not sure when if ever we may be allowed to resume). How is it possible that false data is entered on our site yet the transaction is approved by the paypal gateway? looking at the persons name and address it is obvious that they are not valid, and most of the successful transactions come back with AVSCODE of N, which should have caused the transaction to fail. Any information on how we may prevent this in the future, and explanations of how it may have happened would be appreciated.
Thank you

lorax

12:48 pm on Sep 29, 2011 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Welcome to WebmasterWorld!
Unfortunately, I don't have a solution for you. It's something that happens. But I expect a few of the more seasoned online sales vets might have something more to offer.

enigma1

3:44 pm on Oct 1, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



and most of the successful transactions come back with AVSCODE of N, which should have caused the transaction to fail.

That means the transaction should been declined from your cart code and you need to fix the code.

N is documented from Paypal "The transaction is declined"

HudsonKane

10:21 am on Oct 3, 2011 (gmt 0)



we were displaying a failure code, but we were also getting
<ACK>Success</ACK>, and the transaction was processed on the paypal end.

enigma1

12:45 pm on Oct 3, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



In the response array you should be checking the AVSCODE and CVV2MATCH fields also.

And what was the setting of PaymentAction? Just make sure it is "authorization" and not "sale" because it seems you set it up to make it the whole capture automatic and could be the reason.

[cms.paypal.com...]

HudsonKane

12:58 pm on Oct 3, 2011 (gmt 0)



we are using payment type "Sale" in our doDirectPayment call, from the link provided we are using:
"During a traditional sale at PayPal, the authorization and capture action is completed simultaneously"
the AVSCODE is N, and CVV2MATCH is M
It was our understanding that doing the authorization and capture method, if the transaction was rejected for any reason the funds would not be transferred and we would get an ACK of Failure
Thank you for your help

enigma1

2:15 pm on Oct 3, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Yes some of the specs do not clarify the paymentaction enough and can be incorrectly set. Typically I will set it to authorization unless I am 100% sure buyers are legit.

HudsonKane

2:48 pm on Oct 3, 2011 (gmt 0)



thank you, so you will set to authorize, then if everything comes back looking good you then capture the funds?

enigma1

3:18 pm on Oct 3, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



yes there should be an option via the paypal cpanel to review the transactions.

HudsonKane

3:49 pm on Oct 3, 2011 (gmt 0)



thank you for your help. should paypal re-activate our account we will follow your recommendation.

Habtom

4:37 pm on Oct 3, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Plus, you should look into blocking the IP address or a range where the transaction is originated from.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month