jbranscum Posted June 16, 2017

Greetings all

I posted a GitHub issue but have not heard back so I'd like to see if there is prior experience with this.

My spouse has a CC store with embroidery designs; all digital downloads. This morning a user rang up every single design in the store into a sale worth hundreds of dollars but only paid 0.01USD and CC approved it.

I find it hard to believe I'm the first victim of this but I don't understand where things went wrong to allow a payment less than the order total to be approved; surely CC/PayPal Payment module would do a sanity check on the IPN data to make sure the amounts matched up.

I'm not entirely sure what can be posted to ensure I'm not giving away too much information for some ne'er-do-well to capitalize on it. I checked the webserver logs and the IPN came directly from PayPal's server.

Running CC 6.1.8 with PayPal Standard 1.0.5 on NginX using FastCGI+PHP

So.. What happened? Where did it all go wrong? How do I prevent this from happening in the future?

Al Brookbanks Posted June 17, 2017

Thanks for this. I'll take a look next week. It should be quite simple to check the IPN amount against order amount.

I would however recommend using Express Checkout instead which won't have this issue and should increase conversions as no registration is required. PayPal consider the "standard" integration as legacy and want us to push Express Checkout instead.

Saying this we can add a simple check to the PayPal IPN call....
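
The check described in the reply above, comparing the IPN amount against the order amount, could look like the following. This is an added example, not CubeCart's or the PayPal module's own code: the function names, the order array and the sample values are hypothetical, while `payment_status`, `receiver_email`, `mc_currency` and `mc_gross` are standard PayPal IPN variables. It assumes the IPN has already been verified as coming from PayPal and that the currency has two decimal places.

```php
<?php
declare(strict_types=1);

// Convert a decimal string such as "249.50" to integer minor units (cents),
// so amounts are compared exactly rather than as floats.
function toMinorUnits(string $amount): ?int
{
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', trim($amount), $m)) {
        return null; // negative, empty or malformed amounts are rejected
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

// Returns the reasons this IPN must not mark the order as paid;
// an empty list means the payment matches the order.
function ipnMismatches(array $ipn, array $order, string $merchantEmail): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchantEmail) !== 0) {
        $problems[] = 'receiver_email is not the merchant account';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'mc_currency differs from the order currency';
    }
    $paid = toMinorUnits($ipn['mc_gross'] ?? '');
    $due  = toMinorUnits($order['total']);
    if ($paid === null || $due === null || $paid !== $due) {
        $problems[] = sprintf('mc_gross %s does not equal order total %s',
            $ipn['mc_gross'] ?? '(missing)', $order['total']);
    }
    return $problems;
}

// Constructed sample data: an order for 312.00 USD and an IPN reporting 0.01.
$order = ['id' => 'EXAMPLE-ORDER-1', 'total' => '312.00', 'currency' => 'USD'];
$ipn = [
    'payment_status' => 'Completed',
    'receiver_email' => 'shop@example.com',
    'mc_currency'    => 'USD',
    'mc_gross'       => '0.01',
];

foreach (ipnMismatches($ipn, $order, 'shop@example.com') as $p) {
    echo "IPN rejected, order {$order['id']} left unpaid: $p\n";
}
```

The expected total and currency come from the stored order record, never from values echoed back in the IPN itself.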

Al Brookbanks Posted June 17, 2017

I've closed this as there's no point having two discussion channels. Please refer to the GitHub issue.