In the example for accepting payments by credit card (link) the billing address information is not present. However, the payment appears to go through. What are the circumstances that require me to include this data?
In the classic API, the address fields are required. I can't find a field reference for REST, oddly enough. I suppose you could omit them and try a sandbox call to see if it fails, but omitting the address means no address verification (done against the zip code). It opens you up some to fraud.
Related
I am setting up my IPN for PayPal its been tested using a send box account and the site worked.
Now that I have gone live I am testing using real money and the ipn set up is
www.mysite.co.uk/XXXXXXXXX
However when I make the payment I notice in the url reply on my browser and when I check the IPN history on Paypal it says www.mysite.co.uk.co.uk. The.co.uk` appears twice. I assume this is the reason I am not getting the orders finalised on my backend.
There are two places you can specify the IPN listener URL:
your PayPal profile, or
with your transaction
It's very likely to be caused by mis-configuration in either of the two places.
If you specified it with your transaction, depending on the product you use, you may be able to find it in a parameter similar to "notify_url" or "PAYMENTREQUEST_0_NOTIFYURL". You'd need to refer to the documents of the product you are using.
I'm using Paypal Pro API to process my purchase. It works well with card number, expire date and security code but I need to validate the address and the owner name of the card as well.
Is there any parameters or functions in the API to do this? I didn't found anything in the docs. Or maybe it is an additional option in the Paypal developer control panel?
Assuming that we're talking about the Payflow Gateway API (for PayPal Payments Pro and other things), it appears you can do address verification--see the section entitled Using Address Verification Service. Notice the note there that says it doesn't check street names, in case that's a deal-breaker for you.
As for name validation, I can't find anything about that other than that it's typically passed in the sale transaction itself (section: Typical Sale Transaction Parameter String). Whether it's then validated by the banks as part of their end of the transaction, I couldn't say.
Hope that gets you a bit further. I haven't worked with any of this stuff myself.
I have looked at Paypal's HTML Variables for PayPal Payments Standard very closely
and looked all over the web for an answer. And I'm pretty sure I already know the answer to my own question, but it seems too absurd. So I'm asking just to make sure I'm not missing anything.
I realize this is basically a duplicate to this question, but he was given one stupid answer.
(Update: The stupid answer has been removed, and now there is a very good answer by another user)
I am collecting the customer's billing and shipping addresses on my site. I can send the billing address, but not the shipping address to PayPal.
The reason I want to send the shipping address is to use PayPal's shipping label service.
I realize that I could set the no_shipping variable to 2 to have PayPal prompt for and require a shipping address, but I am using the address they input on my site to calculate shipping costs with USPS' API. So I need to prompt on the site, and I don't want to make the customer fill in their address a SECOND time on PayPal.
So is there a way to make this work?
I need to:
Calculate shipping costs
Print labels
Keep the checkout process simple and fast
The document you reference does actually answer your question, although admittedly it is hard to pull out the specific answer you are looking for from all the possibilities. Look specifically here:
https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/formbasics/#id08A6F0SJ04Y
... under the heading "Overriding Addresses Stored With PayPal."
Or at least, that is the section for passing in a shipping address for PayPal account holders. If you are using PayPal account optional then it's even more complicated, see here:
https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/Appx_BillingShippingAddress/#id08A9BM00A5Z
Short answer: you can't pass in two separate addresses, but the address you pass is (usually, depending upon several related variables & conditions) treated as shipping address.
Part of the reason this is so complicated is that there are so many variants of checkout flows. PayPal recommends/prefers that you let them collect the buyer's shipping (and billing, where/if required) on their page and they will pass it back to you. (And this is by far the best for PayPal accountholders since they probably have the address(es) on file already with PayPal and thus don't have to type them at all.) But PayPal knows that isn't how every merchant wants to do it so the product is flexible -- to the point of being so complex it is almost incomprehensible at times.
I have been playing with the reference transactions facility on paypal and I have run into a bit of an issue.
Everything works fine right up until I try to retrieve the latest billing address from the customers account.
If I don't do this, everything works as it should and payment is taken.
Based on https://developer.paypal.com/docs/classic/express-checkout/integration-guide/ECReferenceTxns/ I have made the call to retrieve the billing address but it comes back with all the fields as null. The name is correct but the address is empty.
Any ideas on this. I can't integrate this into our site if I can't retrieve the billing address.
As with most things related to PayPal and their APIs, they simply hadn't bothered to document the fact that you have to liase with them and contact them for various parts of the system to be enabled.
Initially when using reference transactions I tried to setup a "Billing Agreement" and the API response alerted me to the fact that reference transactions needed to be enabled on sandbox and live accounts in order to function and that they had to do this themselves, not the owner of the sandbox / live account.
Brilliant, undocumented issue no1.
Once that was working, I moved onto testing the use of a "Billing Agreement" to take payment and as part of that you make a request to PayPal for the details of the agreement so as to ensure its still active and to get the customers delivery address.
I do that and everything comes back as expected apart from the delivery address...
After much head scratching I contact their technical support who informs me that again, this needs to be enabled on the sandbox / merchant account before it will return the address.
Seriously, I know that PayPals documentation is quite poor but this just takes the biscuit. So if anyone has any issues with reference transactions, just contact them and ask them to enable EVERYTHING related to it and explain what they have done.
Using the PayPal REST API, have the credit card form configured and processing correctly. Noticed that in sandbox mode the card validation is very loose, you can pretty much enter whatever you want for the payer details, as long as the card number is essentially valid.
I assume that once I change to live mode, using live credentials, the validation will be more strict.
I run a test, using a valid card number, but intentionally use a bogus name, address, expiration date, and cvv (the cvv I provide is only 3 digits, it should be 4 for AMEX).
The payment is processed successfully!
I scratch my head and make sure the site is really using the live credentials. It is. I check with my non sandbox PayPal account, it has actually received the payment.
What gives?
The amount was for $1. My assumption is that PayPal passed all the details along to AMEX (in this case) and AMEX saw that it was only $1, and didn't verify any other details? Fine, but wow, to me that's crazy! Talk about fraud waiting to happen.
Any insight would be appreciated.
Depending on how your account is vetted when you first open it up, PayPal may or not may give you full access to fraud filters. It sounds like you do have full access, which means it's going to accept payments even if AVS or CVV2 responses come back as a failure.
If you want to stop this, login to your PayPal account and go into your profile. Look for Fraud Management Filters, Risk Controls, or something along those lines. It's different depending on what version of PayPal account you have.
Once you're in those settings you should see lots of options for security filters you can set including AVS and CVV2 (card code).
Now, that would apply for the name, address, and cvv2, but it shouldn't apply for the expiration date. Are you sure the test you ran included an invalid expiration date? My guess is the card number and expiration were good, but you just used a bogus address and card code..??