payment processing in Paypal - paypal

I am processing payments with PayPal Express. It works like the following: if payment is successful, it redirects to a particular URL in my web application with a lot of form variables set. If unsuccessful, it redirects to another page in my system.
Is that all there is to it? Can't there be fraud in this case by people redirecting deliberately to the payment success page?
I am an experienced developer but not an expert in payment processing.
Any answer would be appreciated.
Thanks
John

Related

Will PayPal still accept the payment and redirect to the success page? IPN

My question is very simple and not related to any kind of troubleshooting; it's just to get information about IPN.
Let's say:
I have a system with PayPal integrated, IPN activated and working fine.
Someone tried to price-jack a product and changed the price from $200 to $2.
My IPN detected that and informed me about the issue (through mail, as I set in my IPN).
My question is: will PayPal still process that payment, accept that $2 and redirect the user to my success page? Or will it stop processing the payment?
Of course I have proper handling of that and will not update the database,
but the question is: will those 2 dollars get processed in my PayPal?
If yes, is there any way to stop PayPal from processing?
Note that there are multiple ways to protect your payment button code (price and other details), and also a very rare chance that an HTTPS payment request gets "price-jacked" by a man-in-the-middle attack or malicious fraud activity, but it is still a valid question to be clarified.
In this case, the $2 will be processed just as a normal transaction by PayPal, and the asynchronous IPN will only be triggered by the event of payment completion. That's when your website backend will reconcile and detect the "price-jack" through IPN callbacks, after the payment processing but not before.
Eventually, the transaction (of $2) that has taken place would be in scope of fraud activity and dispute issues, to be reported and handled by PayPal customer service.
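The reconciliation step this answer describes, as an added example that is not part of the original answer: a notification that PayPal has already confirmed is compared with the merchant's own order record before anything is fulfilled. The order table, e-mail address and sample notification are constructed; the field names are standard IPN variables.

```python
from decimal import Decimal, InvalidOperation

# Constructed data: the merchant's own record of what was offered for sale.
ORDERS = {"INV-1001": {"amount": Decimal("200.00"), "currency": "USD"}}
MERCHANT_EMAIL = "seller@example.com"

# Constructed notification: a genuine payment, but the button price was altered.
PRICE_JACKED = {
    "invoice": "INV-1001", "txn_id": "TXN-CONSTRUCTED-1",
    "payment_status": "Completed", "receiver_email": "seller@example.com",
    "mc_gross": "2.00", "mc_currency": "USD",
}


def reconcile_ipn(ipn, seen_txn_ids, orders=ORDERS, merchant=MERCHANT_EMAIL):
    """Compare a VERIFIED notification with the stored order.

    Returns (fulfil, reasons). seen_txn_ids stands in for a unique-indexed
    database column and is updated only when the order is accepted.
    """
    order = orders.get(ipn.get("invoice", ""))
    if order is None:
        return False, ["unknown invoice"]
    reasons = []
    if ipn.get("payment_status") != "Completed":
        reasons.append("payment_status is not Completed")
    if ipn.get("receiver_email", "").lower() != merchant.lower():
        reasons.append("paid to a different receiver")
    if ipn.get("mc_currency") != order["currency"]:
        reasons.append("currency mismatch")
    try:
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        paid = None  # unparseable amount is treated as a mismatch
    if paid != order["amount"]:
        reasons.append("amount mismatch")
    txn_id = ipn.get("txn_id")
    if not txn_id or txn_id in seen_txn_ids:
        reasons.append("missing or replayed txn_id")
    if reasons:
        return False, reasons
    seen_txn_ids.add(txn_id)
    return True, []


if __name__ == "__main__":
    print(reconcile_ipn(PRICE_JACKED, set()))                           # altered price
    print(reconcile_ipn(dict(PRICE_JACKED, mc_gross="200.00"), set()))  # honest payment
```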

Website Payment Pro Hosted Page Solution

I need to implement Website Payment Pro hosted page solution for my UK client.
After the discussion with the PayPal team and looking through the tech guide I did the following:
Call BMCreateButton API (endpoint URL: https://api-3t.sandbox.paypal.com/nvp) to get the EMAILLINK
Redirect user to EMAILLINK (securepayments.sandbox.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess?hosted_button_id=HSSS-jsCeH.xi9R3Q........) for the PP hosted page
User completes the payment at the hosted page
After the payment completion user is redirected back to my confirmation page.
In the response I only see 'tx' (TransactionId) and CSCMATCH(=M).
There is no PNREF or other status param which tells me if payment is 'AUTHORIZED', 'DECLINE', 'CANCELLED' or any error message.
I am comparing this solution with the Payflow gateway hosted page solution (which is not available in the UK), wherein I receive enough response params to make a proper decision at my end after receiving the response.
Please advise.
PayPal's Website Payments Pro has ways for you to get this information, but they look very different from the Payflow product.
(The Payflow product was built by a different company that was later acquired by PayPal, which is why the two products look entirely different.)
The "PayPal way" to get this information is to use IPNs to securely verify the payment information. Some PayPal products also support PDT (https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/paymentdatatransfer/), which is basically the same as IPN except that you post to PayPal to get the verification rather than waiting for PayPal to post to you.
See also this integration guide, specifically chapter 7 "order processing", which explains how to do this:
https://www.paypalobjects.com/webstatic/en_GB/developer/docs/pdf/hostedsolution_uk.pdf
The separate round-trip to PayPal is to prevent someone from constructing a false transaction ID (and status information) and posting to your return URL to try to convince you they made a payment when they had not in fact done so.
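The IPN round trip described in this answer, as an added example that is not part of the original answer: the listener sends the received body back to PayPal unchanged and acts only on a VERIFIED reply. The `stub_paypal` responder and sample bodies are constructed so the example runs offline; `post_to_paypal` is the real network path.

```python
import urllib.request

IPN_LIVE = "https://ipnpb.paypal.com/cgi-bin/webscr"
IPN_SANDBOX = "https://ipnpb.sandbox.paypal.com/cgi-bin/webscr"


def build_postback(raw_body: bytes) -> bytes:
    """Prefix the body exactly as received; re-encoding parsed fields could
    change the bytes and make a genuine message fail validation."""
    return b"cmd=_notify-validate&" + raw_body


def post_to_paypal(url: str, body: bytes, timeout: float = 10.0) -> str:
    """Send the postback over HTTPS and return PayPal's one-word answer."""
    req = urllib.request.Request(url, data=body, headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "ipn-verify-example",  # hypothetical client name
    })
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("ascii", "replace").strip()


def is_verified(raw_body: bytes, sandbox: bool = False, send=post_to_paypal) -> bool:
    """True only when PayPal itself answers VERIFIED for these exact bytes."""
    url = IPN_SANDBOX if sandbox else IPN_LIVE
    try:
        return send(url, build_postback(raw_body)) == "VERIFIED"
    except OSError:
        return False  # fail closed: no answer from PayPal means no fulfilment


# Constructed stand-in for PayPal so the example runs offline: it recognises
# the one notification it "sent" and rejects everything else.
GENUINE = b"txn_id=TXN-CONSTRUCTED-1&payment_status=Completed&mc_gross=200.00"


def stub_paypal(url: str, body: bytes) -> str:
    return "VERIFIED" if body == b"cmd=_notify-validate&" + GENUINE else "INVALID"


if __name__ == "__main__":
    forged = b"txn_id=TXN-MADE-UP&payment_status=Completed&mc_gross=200.00"
    print(is_verified(GENUINE, sandbox=True, send=stub_paypal))
    print(is_verified(forged, sandbox=True, send=stub_paypal))
```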

How to integrate with Paypal suggested solution: "Add payment buttons to your website"

I hope to integrate Paypal using "Add payment buttons to your website" https://developer.paypal.com/webapps/developer/docs/integration/web/ since my site only needs one time purchase so this solution is perfect.
But it requires an IPN implemented as an async solution at the merchant side to receive the transaction result, while the button redirects the user to paypal.com to finish the payment process. But after that is done, the user is not automatically redirected back to the merchant site.
I found on the forum that I can add a "data-return" attribute in the script element so when the user is done paying there is an additional link that points to the merchant site. Now since IPN is asynchronous, once the user views the "data-return" page, IPN may not have been called yet. My questions are:
1. So what's the suggested solution of synchronizing between return page and IPN?
2. When testing, I found a lot of query strings are appended to the "data-return" URL, looks related to transaction result. Can I use them to replace IPN so I have a SYNCHRONOUS way of verifying the transaction result?
Thanks!
Use Payment Data Transfer (PDT, for short). https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/paymentdatatransfer/
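How a PDT lookup can be used on the return page, as an added example that is not part of the original answer: only the `tx` value is taken from the return URL, and every other field comes from PayPal's reply to a `_notify-synch` request. The `send` transport is supplied by the caller; `stub_paypal`, the identity token and the URLs are constructed.

```python
from urllib.parse import parse_qs, unquote_plus, urlencode, urlsplit


def tx_from_return_url(url):
    """Take only the lookup key; status or amount fields in the URL are ignored."""
    values = parse_qs(urlsplit(url).query).get("tx", [])
    return values[0] if len(values) == 1 else None


def pdt_request_body(tx, identity_token):
    """Form body for the PDT lookup: command, transaction token, merchant token."""
    return urlencode({"cmd": "_notify-synch", "tx": tx, "at": identity_token}).encode("ascii")


def parse_pdt_response(text):
    """Return the transaction fields on SUCCESS, or None on FAIL or empty input."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "SUCCESS":
        return None
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition("=")
        if sep:
            fields[unquote_plus(key)] = unquote_plus(value)
    return fields


def confirm_return(url, identity_token, send):
    """Fields PayPal reports for the returned tx, or None if it cannot be confirmed."""
    tx = tx_from_return_url(url)
    if tx is None:
        return None
    fields = parse_pdt_response(send(pdt_request_body(tx, identity_token)))
    if fields is None or fields.get("txn_id") != tx:
        return None
    return fields


def stub_paypal(body):
    # Constructed stand-in for PayPal that knows a single transaction.
    tx = parse_qs(body.decode("ascii")).get("tx", [""])[0]
    if tx == "TXCONSTRUCTED1":
        return ("SUCCESS\ntxn_id=TXCONSTRUCTED1\npayment_status=Completed\n"
                "mc_gross=200.00\npayer_email=buyer%40example.com\n")
    return "FAIL\n"
```

The fields returned here still need the same amount, currency and receiver checks as an IPN before an order is fulfilled.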

OpenCart: Paypal Session Time-Out

I am using the standard paypal payment method with my opencart website. When I go through the checkout process and get redirected to the PayPal website, I get to login and choose my payment source on the paypal site. However, when it starts processing, it just returns "Your session has timed out, please log in again." and logs me out of Paypal.
Any help would be appreciated.
I was facing this problem also. If you are using sandbox mode, you should give a test account for the buyer (the buyer account must be a business account), and the seller account must be an individual (personal) account. For example, if xxx#gmail.com is the buyer account, you should put it in the admin panel PayPal extension, then you should log in to the e-store website with the seller account (yyy#gmail.com) and proceed to PayPal; it will work well.
Sometimes the cookies that PayPal sets are really annoying; try cleaning all of them, it helped me with other PayPal-related errors.

Checking if paypal payment was successful

I have downloaded sample code from paypal to allow me to use parallel payments via their sandbox accounts. When I run parallel.php, I get redirected to paypal's sandbox login page.
How am I supposed to know "server side" that the payment has been made successfully, so I can update my database records?
I believe you have to work with PayPal's IPN system. This will basically send a confirmation to your server that tells you it has gone through.
https://www.paypal.com/ipn
Paypal lets you register a notification url which is part of the IPN (instant payment notification IIRC) system. So if someone pays by a delayed payment (such as a bank transfer) the transaction will update days later. You need to have an application (web page) on your server that can be called by Paypal with transaction details to update a payment.
You'll need to create an initial transaction record in your system when paypal redirects back to you so refer to their documentation for that. I'd also recommend looking at either OSCommerce or Zen cart for an idea of how they do it as they support the same kind of thing.