| View previous topic :: View next topic |
| Author |
Message |
gsaielli
Joined: 20 Jul 2011
Posts: 3
|
 Posted: Sun Dec 15, 2013 4:21 pm Post subject: Skip amount paid check |
 |
|
Hi,
There is a problem with IPN.Net as far as I understand:
- Suppose you sell software from Europe: Paypal will add VAT as needed, depending from buyer location
- Suppose a license costs 100: it will generate a transaction of 122 if the buyer is from Italy and a transaction of 100 if he/she is from, say, USA
- So when Paypal posts the notification, the amount paid check built into IPN.Net will fail with: “Incorrect payment. Expected X, got Y
Is it possible to disable the amount check in the transaction?
Thank you,
gsa |
|
| Back to top |
|
 |
Infralution
Joined: 28 Feb 2005
Posts: 5027
|
| Posted: Mon Dec 16, 2013 9:50 pm Post subject: |
|
|
This is not a problem. IPN.NET handles VAT and GST taxes and doesn't include these when checking payment totals. For example PayPal adds GST for our customers in Australia but not elsewhere.
_________________
Infralution Support |
|
| Back to top |
|
|
gsaielli
Joined: 20 Jul 2011
Posts: 3
|
| Posted: Tue Dec 17, 2013 6:46 am Post subject: |
|
|
Thank you for your quick response! I'll do another test, maybe I'm wrong, but I still need to disable the amount check to support promotions and discount codes which DO change the amount got from the client. Is it possible to disable this check?
Thank you,
gsa |
|
| Back to top |
|
|
Infralution
Joined: 28 Feb 2005
Posts: 5027
|
| Posted: Tue Dec 17, 2013 7:53 am Post subject: |
|
|
Currently it is not possible to disable this check. Although if you purchased the source code it would be fairly easy to remove. The problem with removing the check is that someone can create their own script to submit a payment for the same product to PayPal but for much less money. We have had a few instance of people trying to make fake purchases this way - which were rejected by this check.
_________________
Infralution Support |
|
| Back to top |
|
|
gsaielli
Joined: 20 Jul 2011
Posts: 3
|
| Posted: Tue Dec 17, 2013 3:28 pm Post subject: |
|
|
Listen, I'm very happy with Infralution, really, but the last does not convince me. No way.
For example, how could the bad guy guess the IPN post address? And he would at least pay a dollar using real Paypal account or real Credit card, release a real email... mmm, no.
Disabling amount check is someting that you should implement, in my opinion. But it's just my opinion and I supposed I had to buy sources whereas I don' t like to be forced to do it.
Thank you again,
gsa |
|
| Back to top |
|
|
Infralution
Joined: 28 Feb 2005
Posts: 5027
|
| Posted: Tue Dec 17, 2013 10:19 pm Post subject: |
|
|
Actually they don't need to know your IPN post address. They can submit a legitimate payment to your PayPal account - just for the wrong amount (say 1cent). PayPay then posts this transaction to your IPN handler.
Creating encrypted payment buttons makes this more difficult - but unless you supply PayPal with your sites public certificate and enable encrypted website payments it still can be done. The PayPal developer documentation recommends that you reconcile payment amounts (see
https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/encryptedwebpayments/ )
We could potentially provide an option to turn the checking off if customers want to risk it - but it would not be until the next release, which may be a couple of months away.
_________________
Infralution Support |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
