How to verify legit PayPal buyer? - paypal

I'm using PayPal Express Checkout to get paid.
Now I would like to verify the buyer is legit.
The customer selects his shipping address on my site and this address will be sent to Paypal.
I first check the payer is verified.
Now I want to check that the shipping address the customer selected is confirmed by PayPal.
My question is: can I count on the PAYMENTREQUEST_0_ADDRESSSTATUS field?
Are there any other checks you recommend me testing before approving the order?
10x

If PAYMENTREQUEST_0_ADDRESSSTATUS is Confirmed, it means that PayPal has taken extra steps to confirm that the address most likely belongs to the buyer (or the buyer is associated with that address in some fashion). In this case, PayPal will usually cover you (the merchant) under the Seller Protection Policy -- e.g., as long as you ship it to that address using a traceable carrier, PayPal will insure you against unauthorized purchase ("I didn't buy this") claims as well as item not received ("I never got this") claims. It's probably about the best indicator you're going to get that the transaction is legit.
However, keep in mind that the final determination as to whether PayPal will cover you under the Seller Protection Policy is made when you call DoExpressCheckoutPayment. If PAYMENTINFO_0_PROTECTIONELIGIBILITY comes back as Eligible, you're covered.
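The checks discussed in this thread can be combined into one order-review step. The sketch below is an added example, not code from the original posts: it parses the NVP responses of GetExpressCheckoutDetails and DoExpressCheckoutPayment, requires a verified payer and a Confirmed address, confirms that the address PayPal returned is the one the customer selected on the site, and only approves when the final protection eligibility is Eligible. PAYERSTATUS and the PAYMENTREQUEST_0_SHIPTO* fields are standard NVP response fields not named in the thread; the function names and sample responses are constructed.

```python
from urllib.parse import parse_qs

SHIP_FIELDS = ("SHIPTOSTREET", "SHIPTOCITY", "SHIPTOZIP", "SHIPTOCOUNTRYCODE")


def parse_nvp(body):
    """Decode a URL-encoded NVP response into a flat dict with upper-case keys."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {key.upper(): values[-1] for key, values in parsed.items()}


def _norm(text):
    """Compare addresses case-insensitively and ignoring repeated whitespace."""
    return " ".join(text.upper().split())


def review_order(details_nvp, payment_nvp, site_address):
    """Return (approve, reasons). site_address holds what the customer chose on the site."""
    details, payment = parse_nvp(details_nvp), parse_nvp(payment_nvp)
    reasons = []
    for name, resp in (("GetExpressCheckoutDetails", details),
                       ("DoExpressCheckoutPayment", payment)):
        if resp.get("ACK") not in ("Success", "SuccessWithWarning"):
            reasons.append(f"{name} ACK is {resp.get('ACK')!r}")
    if details.get("PAYERSTATUS", "").lower() != "verified":
        reasons.append("payer is not verified")
    if details.get("PAYMENTREQUEST_0_ADDRESSSTATUS", "").lower() != "confirmed":
        reasons.append("shipping address is not Confirmed")
    # The address PayPal confirmed must be the one we are about to ship to.
    for field in SHIP_FIELDS:
        returned = details.get("PAYMENTREQUEST_0_" + field, "")
        if _norm(returned) != _norm(site_address.get(field, "")):
            reasons.append(f"{field} differs from the address chosen on the site")
    # Final word on Seller Protection comes from the payment call, not the details call.
    eligibility = payment.get("PAYMENTINFO_0_PROTECTIONELIGIBILITY", "")
    if eligibility != "Eligible":
        reasons.append(f"PAYMENTINFO_0_PROTECTIONELIGIBILITY is {eligibility!r}")
    return (not reasons, reasons)


# Constructed sample data (not captured from a real account).
SITE = {"SHIPTOSTREET": "1 Main St", "SHIPTOCITY": "San Jose",
        "SHIPTOZIP": "95131", "SHIPTOCOUNTRYCODE": "US"}
DETAILS_OK = ("ACK=Success&PAYERSTATUS=verified"
              "&PAYMENTREQUEST_0_ADDRESSSTATUS=Confirmed"
              "&PAYMENTREQUEST_0_SHIPTOSTREET=1+Main+St"
              "&PAYMENTREQUEST_0_SHIPTOCITY=San+Jose"
              "&PAYMENTREQUEST_0_SHIPTOZIP=95131"
              "&PAYMENTREQUEST_0_SHIPTOCOUNTRYCODE=US")
PAYMENT_OK = ("ACK=Success&PAYMENTINFO_0_PROTECTIONELIGIBILITY=Eligible")
```

Orders that come back with reasons are better held for manual review than shipped automatically.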

Related

Verify Paypal id is valid or not inserted by user

I want to verify whether the user has entered a valid PayPal ID or not. If not, then the user can't do registration. I've also visited this question, "How can I verify a PayPal ID?", but it doesn't help me :(
You can't find a direct answer because "valid PayPal ID" doesn't have a single fixed meaning. You will need to be more specific as to what you are trying to discover. Then there may or may not be a way to accomplish what you want, since PayPal protects some aspects of their customers' account and identity information for their protection (and for business reasons).
A bit of background that may help you clarify your question, if not necessarily answer it:
Any email (or phone number) can be configured to receive PayPal payments, in many cases even if the email was not attached to a PayPal account at the time the payment was sent. However, not all PayPal products can function in this way (e.g. you cannot make API calls as an account that has not been set up and has not generated API credentials). Are you asking about receiving money, and if so with which product(s)?
Most people can pay through PayPal if sent to a PayPal page, whether they are accountholders or not (depending upon the PayPal product being used). In addition to guest payments and/or direct credit card payments through PayPal, people can set up PayPal accounts when they arrive and immediately pay with them. So collecting email first and refusing to go forward if there is no PayPal account attached to that email would lose you potential customers. It would also "let through" many customers who could not pay, such as people who know an email address but don't own the attached PayPal account. PayPal also intentionally declines to easily answer questions about whether an email has an associated PayPal account in order to make it harder for bad actors to accumulate lists of PayPal accounts (often with associated personal information) for spear phishing campaigns. There are some APIs that allow you to get limited information about a PayPal account but there are limits associated with these APIs; see e.g. GetVerifiedStatus documentation at:
https://developer.paypal.com/docs/classic/api/adaptive-accounts/GetVerifiedStatus_API_Operation/
Note also that Verified has a particular technical meaning in PayPal, and is NOT AT ALL THE SAME as "able to pay you."
If you want to know if someone can log into their PayPal account, and then use that PayPal account to get information about the user (as well as potentially pay you), that's easy: use Login with PayPal. That's what it's for. Naturally this requires the user to login and assent to your use of their information.
If you want to know if someone can take a particular action (e.g. make a payment), at this moment, the only way to be certain is to actually request that action. You have options short of actually requesting money; if you want to ensure the user has funds and reserve them for you to collect shortly you can request an authorization rather than a sale. If you want to make sure the user can log in, has payment mechanisms and generally looks ready to pay you (but WITHOUT reserving and guaranteeing funds) you can request an Order.
Hopefully one of these things is what you are asking for?
If you have a PayPal AccountID (a PayPal-generated ID rather than an externally-generated identifier like email or phone number) you can pass it to certain APIs (such as the GetVerifiedStatus), so many of the same options above apply.

Paypal chained payments( shipping address)

I have a question about shipping address on paypal chained payments
So on my app (buyer - receiver1 (me, where I collect my %) - receiver2 (seller, where I pass the rest of the money)). The flow is like this: set actionType: CREATE, call PAY API, receive payKey, setPaymentOption (where I set the shipping address), redirect to PayPal page to pay (on the review page I can see the shipping address).
After logging in to the seller page, I have this message: Seller Protection Not Eligible (We have no shipping address on file.)
So I emailed PayPal staff and this was their response:
As stated in the documentation of Adaptive payment(chained payment). The sender does not know the existence of secondary and vice versa, hence the secondary receiver won't be able to see who the buyer is. If you would like this to be possible, the only way is via IPN. whereby the IPN must include the secondary receiver.
So my question is: is there something I can do besides IPN where I can transmit the shipping address to the seller for seller protection? If not, can you point me to some tutorials besides the documentation? Thank you
Have you tried making the seller the primary receiver and yourself the secondary receiver? You don't actually need the shipping address, so if you're the secondary receiver then it doesn't matter if you don't get it.

Paypal API, What are its capabilities?

Well, I asked through the PayPal site, but have got no answer. I got the famous email with "Your question has been received. To review the status of your ticket, click on the link below." with no link in it. So I'm hoping I can get an answer here.
This is what I sent them:
It appears you have multiple APIs available and I'm having a hard time figuring out what each API is capable of doing exactly. I want to create a site that, in short, brings buyers and sellers together. Here is what I am looking for:
Buyer and Seller make an agreement through site.
Buyer sends money, seller is unable to touch it yet though. (Basically can paypal secure a payment?)
Seller gets notice of money sent and notice to ship product.
Alternative paths for step 4:
Buyer gets product and there are no issues, the buyer confirms the transaction and payment is released to the seller and a set % is sent to me. (Can paypal split payments?)
Seller never ships product or problems arise in shipping that cannot be resolved, PayPal returns money to buyer without penalty. (Can PayPal return funds without penalty?)
Product arrives, but has issues. There will be set penalties for said issues. Penalties are returned to the buyer, then the rest is sent to seller and set % sent to me. (Can PayPal enact a penalty?)
Any general information or answers to my specific questions would be greatly appreciated. thank you for your time.
For #2, since you're the service provider, you'll be liable for product delivery. Paypal won't do it for you.
An ideal workflow would be:
Your buyers pay you
You withhold the payment
Buyer okays the shipment
You keep your cut and pay the rest to the seller
If you have to refund your buyer (order cancellation, or some other reason), you can use paypal's refund api
To summarize, PayPal is just a payment processor and would ensure that payment reaches from endpoint A to endpoint B. How you use PayPal for your particular use cases is totally up to you.

PayPal Chained payments error 520009

I am trying to setup a chained payment app, and got the application approved. I was hoping that like in parallel payments, chained payments can have users with or without a registered paypal account. But with email accounts that are not registered, the api returns an error code 520009 saying the account 'email#domain.com' is restricted. I did see the following link having the same issue.
https://stackoverflow.com/a/10262241/903978
Though their dev doc says anyone with an email can get paid/notified (except the app owner, who needs a verified account), it is throwing an error. I have posted a ticket to paypal/mts but haven't heard from them yet.
My app case is,
1. User gets paid eg $100. They are the primary recipient in chain.
2. Application (secondary receiver) gets a cut of this payment, say $2.
Does anyone know if chained payments need the primary as well as the rest of the recipients to have valid PayPal accounts and not just an email? Or is there something in the call that allows primary recipients with just an email address?
( I know that application owner needs a registered paypal account).
Thanks
Paypal/mts confirms that their documentation is incorrect. Chained payments require confirmed paypal accounts and not just an email ID. They said they will update the documentation.
I can confirm this also, PayPal Adaptive Payments with Chained Delayed payments does require the secondary receiver and the primary one to be verified, but there seems to be some confusion about 'confirmed' and 'verified'. When pressing PayPal on this we discovered the criteria differs (or so they told us at Eco Market) and that users sometimes have to have confirmed their email address (simply clicking the verification email they get sent), but sometimes also have to go a step further and verify their account (going through the other steps like bank account confirm). They told us it varies based on country sometimes but for security reasons didn't tell us much more on how they do this (not overly helpful).
What we do to handle this is catch the error and as a marketplace we automatically contact the customer/seller to inform them the order cannot be processed due to the seller's account not being verified.
Going a step further, you could also validate sellers (again in a marketplace model) accounts by using the exact same API to take a small payment from them (which could be refunded using the API), which would allow you to validate sellers to make sure that they had a verified account before signing up.
Hope it helps if anyone else has any experiences of this and how they handle it I'd love to hear.
Jason Dainter
Eco Market
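A sketch of the "catch the error" step described in this answer, as an added example that is not part of the original post. It assumes the Adaptive Payments NVP response layout (`error(n).errorId`, `error(n).message`, `error(n).parameter(m)`); the sample response and addresses are constructed. Only addresses that were in our own Pay request are returned, so text from the error message is never used directly as a notification target.

```python
import re
from urllib.parse import parse_qs

ERR_KEY = re.compile(r"^error\((\d+)\)\.(\w+)(?:\(\d+\))?$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
RESTRICTED = "520009"  # error code reported in this thread


def pay_errors(body):
    """Group the error(n).* fields of a Pay response by their index n."""
    errors = {}
    for key, values in parse_qs(body).items():
        match = ERR_KEY.match(key)
        if not match:
            continue
        entry = errors.setdefault(int(match.group(1)), {"parameters": []})
        if match.group(2) == "parameter":
            entry["parameters"].append(values[-1])
        else:
            entry[match.group(2)] = values[-1]
    return [errors[i] for i in sorted(errors)]


def restricted_receivers(body, receivers):
    """Receivers from our own request that a 520009 error names as restricted."""
    ours = {r.lower() for r in receivers}
    hit = set()
    for err in pay_errors(body):
        if err.get("errorId") != RESTRICTED:
            continue
        text = " ".join([err.get("message", "")] + err["parameters"])
        hit |= {addr.lower() for addr in EMAIL.findall(text)} & ours
    return sorted(hit)


# Constructed sample response and receiver list.
SAMPLE = ("responseEnvelope.ack=Failure&error(0).errorId=520009"
          "&error(0).severity=Error"
          "&error(0).message=Account+seller%40example.com+is+restricted"
          "&error(0).parameter(0)=seller%40example.com")
RECEIVERS = ["seller@example.com", "fees@marketplace.example"]
```

A non-empty result is the list of sellers to contact about verifying their account before the order is retried.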
In my experience, in adaptive payments, (in particular chained payments) you need this environment:
a) the app holder/developer must have a registered and verified paypal business account (the premium account is ok too but not the personal)
b) the recipients must have a business account
if the amount doesn't exceed the limits it is ok if it is not verified too but if the amount exceeds the limit you'll have a problem in the chain.
c) the sender must have a paypal account, a simple personal account will fit.
Sometimes (rarely) it happens that one payment fails due to restrictions on the sender email. The most frequent case where I saw this happen was when the sender made a preapproval with one e-mail and then, before the preapproval was paid, he/she changed the e-mail in his/her PayPal account. Silly, but PayPal has no control over this environment.
Hope this is helpful for you.
Cheers, Fil.
Genoa, Italy

Does PayPal recycle PayerIds? I'm linking private information to PayerIds

I'm changing my online store right now. I decided to remove accounts altogether... so that the users can go straight to PayPal Express Checkout and just pay.
I'm doing the PayPal part first, then I redirect back to my site to let them fill in a shipping address, billing address, and then review the information before submitting the order.
So far I noticed that PayPal always sends back the same PayerID if you are logging into a PayPal account. Also, if you don't log into a PayPal account (and just punch in your credit card), it will return the same PayerID for that credit card in the future.
Is it safe for me to keep track of shipping addresses in order to create an address book and link them to the PayerID? That way, returning PayPal customers will be able to select a saved address...
Does PayPal recycle these IDs... or are they always going to be unique and there is no fear of me showing someone else's information to another customer...
Thanks.
No, PayerIDs are unique to each account. They won't ever change for the same account.