I would like to check if a paypal user who tries to buy something from my site has a verified account before he makes purchase.
Once the user isn't verified, any payment he/she makes would fail. Funds will be returned back to user automatically.
Is there any code I can add or edit to make this work due to fraud issues.
Well I found this
https://www.paypal.com/us/verified/pal=emailhere
where if i replace emailhere with any email i get verified or unverified.
I would like to add this to the code.
Thanks
If you're not already, I would recommend using the Express Checkout API. This will allow you to check the payer status prior to finalizing the payment.
The SetExpressCheckout API would generate your token that you use to redirect the user to PayPal with. They would then sign in, review the order, and click continue which would send them back to your site.
At that point, you can call GetExpressCheckoutDetails to obtain all the buyer details including their verified status.
To finalize the whole thing you would call DoExpressCheckoutPayment. In cases where the payer is not verified, though, you could simply stop the flow and leave this call out. No payment will have taken place so no refund would be necessary. You can simply display a message that they need to verify their account prior to making purchases from you.
If you happen to be working with PHP I would recommend taking a look at my class library for PayPal. It makes all of this very simple for you.
Related
I am making a system in which user permits pre-approval of amount. I've used pre-approval with chained payment. But the problem is that my customer gets redirected to PayPal site and also he/she must have a PayPal account or need to create one. So can i make pre-approval payment using PayPal website payment pro? So my customers will not get redirected to PayPal account. And the process becomes more fast? Note :- I don't want to use authorization and capture method. Thanks.
Edit
One more question :- If i make the website in the UK and the currency in GBP, can I still use the American Paypal account for this?
Auth and Capture is what you're asking for, but then you say you don't want it..?? That's what gives you the functionality you're after, though.
You could do a $0 auth and then run DoReferenceTransaction when you're ready to process the payment as opposed to capturing an actual auth if you want.
Those are your only options when working with Pro, though, and it would give you the same sort of preapproval experience for the buyer.
Here are the steps to accomplish what you're after.
Use DoDirectPayment to run a $0 Authorization (card verification). Users will enter their credit card details directly into a form on your site without any redirection to PayPal (and without any knowledge PayPal is being used at all unless you notify them some way.)
Save the transaction ID that you get form this card verification into your transaction history for the customer in your database. This ID is what will be used to process future payments using that credit card.
When you're ready to process a payment for this customer, pull the ID out of the database and use it with a DoReferenceTransaction request to process any amount you need to.
So the card verification is your preapproval, and then running reference transactions are the same as running Pay requests with a Preapproval key. Both methods accomplish the same thing, but one is with direct credit cards and the other is not.
If you're using PHP you can use this PayPal PHP SDK to make all of the API calls very quick and easy for you. If you're using some other language then there are SDKs available for those as well I'm sure.
Please correct me if i am wrong, #Andrew Angell #Ved Pandya
Auth and Capture or Capture payments later method allows you to do direct payment, but it comes with additional charges, which might not suitable for crowdfunding model as refund/ cancel payment is very frequent
Auth and Capture: You are required to pay $0.30 for each "Card Verification Transactions"
Capture payments later: You are required to pay $0.30 for each "Uncaptured Authorization" that you triggered
https://www.paypal.com/us/webapps/mpp/merchant-fees
I get it that Paypal SDK (backed by REST API) has three steps:
Create a payment
payment = Payment({...})
payment.create()
return redirect( redirect_url( payment))
The customer pays and authorizes payment from within Paypal
Redirect to our site where we execute payment, thus transferring money
Should I store the created payments at step 1? I would thus capture all payment attempts, whether successful or not. Or can I create a payment, and not remember it until step 3? That is, record only the successful payments (within their respective Invoices). Is there any reliability or security issue or other harm if I do not store it at step 1?
I suspect not being able to roll back failures.
In Paypal terms, they are of sale intent and are meant for payment of invoices for services rendered. Card data do not touch our servers, I am deferring to Paypal on handling it.
I use paypalrestsdk, Paypal's Python SDK.
Previously, it was tricky to get the PaymentId back when PayPal redirects the page back to your server to authorize you, as there was no way to get PaymentId on 3rd step
However, now, the PaymentId is returned back as a part of the URL as shown here in 3rd step :
http://localhost/Server-SDK/PayPal-PHP-SDK/sample/payments/ExecutePayment.php?success=true&paymentId=PAY-62998961VU1587338KR3AXWQ&token=EC-4YC2489096181311L&PayerID=REABK2UGK7PLW
As you can see it has paymentId which is the Id that you need to store.
So, to answer you dont need to store anything till 3rd step.
Additional Note:
However, if you have some complicated logic/service you want to provide. E.g. send them an email reminder(if you have their emailId), to remind them if they abandoned your card, etc. However, there are many ways to do that besides using these steps.
I'm currently trying to implement a mechanism whereby i can return a customer to a success page containing an activated PIN allowing access to a piece of software. The process is a straight forward PIN purchase without any kind of user accounts or login system involved.
I have the payment buttons and IPN script in place and working fine, but this only allows me to email the PIN after a successful payment via the IPN script, since of course the two sessions are completely separate to maintain security.
My problem with this is that i can't be sure the customer has access to the same email they used to pay with via Paypal. I had the idea of asking the user to enter which email they would like the PIN sent to prior to the Paypal redirection and then sending it as a custom value.. but then came visions of a mammoth backlog of support emails where users have entered the wrong email. I would really like to be able to redirect to a success page containing the PIN.
Thanks in advance.
I would recommend using the Express Checkout API. The payer experience is very similar to standard payment buttons, however, the user is always guaranteed to return back to your site, so you can display whatever you want on your final page.
That documentation can be a little scary, but it's really just a matter of utilizing 3 API calls.
SetExpressCheckout - This is used to setup a new transaction and will return a token that you'll append to the end of a redirect URL to PayPal. The user is sent to PayPal, they login and agree to pay, and are then sent back the ReturnURL that you specify in this request.
GetExpressCheckoutDetails - Now back on your site/application, you use this API to obtain information about the buyer like their shipping address, address status, payer status, payer ID, etc. You will need the Payer ID for the final API call.
DoExpressCheckoutPayment - This is very similar to the SetExpressCheckout request, but no transaction is completed until this call is completed. Only then does the money move.
Again, those final calls are done on your site so you can use the API response data to update your database and display details on the final page however you want to.
Keep in mind that payments could still be pending for one reason or another, so you'll want to check the status (returned in the DECP response) and display appropriate information on the final page.
IPN's will still be triggered with Express Checkout so you can adjust the IPN script to handle pending payments or anything else you may want to automate outside the checkout flow.
If you happen to be working with PHP my class library for PayPal will make these calls very quick and easy for you.
After adding stuff in shopping cart, clicking some Pay Now with PayPal button, and successful PayPal payment (PP or CC), it is logically possible that a user stays on PayPal website, if for example the Auto Return option isn't activated (or it is but it doesn't work because the user is a guest user without PP account)
The user can return to the site by clicking a link, but doesn't have to. My question is: if he doesn't, how will the site owner be aware that the user paid so that he can now send the items by post? That the site owner gets informed of being paid seems elemental to me, so I find incomprehensible that such elemental thing be left to some obscure Auto-Return option.
Please can somebody explain this to me?
This is a common challenge with any redirected payment gateway, and it's the reason most (if not all) of them implement some sort of asynchronous notification that a payment has been completed. In PayPal, this is the Instant Payment Notification (IPN). You must setup on your site either a generic IPN listener that you link to from your PayPal account profile settings or you can create a more targeted IPN listener specifically for your transactions and use the NOTIFYURL (or related) parameter in the form or API request you use to redirect to PayPal to send IPNs to that listener.
In my integrations, I never perform any order update or transaction logging when the customer returns from the site, preferring instead to wait for the IPN that I can validate and ensure came from PayPal as opposed to a spoofed return from someone trying to hack my checkout process.
For more information, see the IPN documentation: https://www.x.com/developers/paypal/documentation-tools/ipn/integration-guide/IPNIntro
Paypal provide IPN for this purpose through which we paypal send request asynchronous to your site and you can perform whichever action you want
I think the point may have been missed here. Or a problem does exist. If the purchaser uses CC, even if you have IPN set up and it works, but if the purchaser uses CC and does not click a button on the last page, which is not presented when using PP account, it is possible for the funds to go through, but no IPN, and so your website is unaware of the purchase. This last page, is an extra page that CC user gets after the page with the Pay button on it.
In this state, you can even go into IPN history, and the IPN is there, says it is sent, but it hasn't been. It does not get sent until after the purchaser clicks the button on the extra page and then they are taken to the auto return page.
I am about to try and intergrate paypal standard into my site, i just want to know if this is possible with paypal standard?
I have a order form with a total that can vary depending on what they have selected.
User clicks buy now.
Redirects to paypal with details, user pays.
(I have done up to here before!)
My question is, when they click buy now, and pay.
At what point should one submit the order to the site database? and would you store the order status (Payed, or failed)
If anyone could let me know if this is possible, it would be great!
You'd store it as soon as the payment was verified.
What I mean by that: you shouldn't blindly trust the user. Verify the payment that went through by adding PayPal Instant Payment Notification () to your button. PayPal will then send a POST to this URL. You should take this POST data and send it back to PayPal for verification. If valid, you'll receive a VERIFIED response (as opposed to INVALID). When it's VERIFIED, you know for a fact that it's a valid POST. You can then do some additional checks, to verify whether the correct amount was charged etc.
Have a look at https://www.paypal.com/ipn/ for more information.