Frauds prevention on digital downloadable goods sales with Paypal payments.

  • Posts: 61
  • Thank you received: 0
6 years 6 months ago #279371

-- HikaShop version -- : 3.2.0
-- Joomla version -- : 3.7.5
-- PHP version -- : 7

Hello.
I have a store, build on Hikashop + Hikaserial, selling digital downloadable goods (no tracking, email delivery and shown in the dashboard.
Last week we had a massive fraud on the website with Paypal. It was around 30 orders on total value 300 EUR. All IPs - proxy of course )) Almost all of them were pending on refund with reason "unatorised payment". I've check the system, and it seems that all those users made fraud purchases on our website has other names, addresses and emails than registered in Paypal. To claim Paypal sellers protection for digital downloadable sales it's necessary at least have same data of the buyer in the shop and in Paypal (adviced by Paypal when calling them).
1. How can I make such checking proceedure in Hikashop, when will be the same, to make purchase unable, when data are different? At least emails checking.
2. Is there any other possibility to protect digital downloadable sales payed via Paypal in Hikashop? For now we have to swtich off Paypal payments because we will stay in risk with it. From the other side we are loosing lost of clients because Paypal is unavailable. That's distructive for business.

Kindly ask you to provide information or ideas, how to make Hikashop + Paypal digital sale more save. Maybe other plugins are more save? Any information will be appriciated.

Please Log in or Create an account to join the conversation.

  • Posts: 81363
  • Thank you received: 13037
  • MODERATOR
6 years 6 months ago #279390

Hi,

In the settings of the PayPal payment method, you have the possibility to configure the plugin to force the address entered by the customer on your website to override the address on PayPal so that you will on fact get the same address on both ends.
For the email address however, PayPal has no system to force it to be the same with the standard PayPal API. You would have to use another one like PayPal express checkout were all the information is entered by the customer on PayPal's website and not anymore on your website.

Please Log in or Create an account to join the conversation.

  • Posts: 61
  • Thank you received: 0
6 years 4 months ago #281946

Thanks for the reply, Nicolas.
But in case I will use PayPal express checkout, it will not renew buyer's registered email on my website. As I understand it's mostly protection for physical products to keep track its delivery.
Maybe there is any other way or ideas how to protect digital sales with PayPal? We made refunds for the total amount of around 300 EUR. And that's not a business at all. Paypal switched off, and currently, we don't have sales at all because of that. We need to use Paypal somehow, but without additional settings, it's too risky.

Please Log in or Create an account to join the conversation.

  • Posts: 4486
  • Thank you received: 609
  • MODERATOR
6 years 4 months ago #282005

Hello,

Do you try to see with Paypal support via your IPN in order History ? For each Confirmed Paypal order your have in Order History an IPN that can able Paypal to see if some user isn't honest to the payment service.

After you can have a solution to configure your payment plugin to set order to pending status, instead of Confirmed.
And so, that won't prevent to have several order to be validated automatically.
The other solution will be to use any Credit card plugin (with 3D secure), of course we know that lots of user is used to Paypal, but here you see the limits of this kind of payment system...
I'm sorry for that, and hope that my answer give you some solutions to face this kind of issue.

Regards

Last edit: 6 years 4 months ago by Philip.

Please Log in or Create an account to join the conversation.

  • Posts: 61
  • Thank you received: 0
6 years 4 months ago #283346

Hello again, and thank you for advice.
After a long conversation with Paypal, they advised me that PayPal email address and user registered address should be the same. Or there should be any system, which will confirm that buyer have an access to the Paypal email since almost always Paypal accounts are stolen, not the buyer's emails. that will prevent the biggest part of frauds. I think that in case PayPal email will differ from registered Joomla email, some kind of verification link should be sent to the buyer's Paypal email after payment confirmation from Paypal. Meanwhile, Paypal email will be received after payment. And only after that verification order status should be changed to "Confirmed".
I understand, that it needs some custom development, but maybe I can expect it in further Hikashop updates? That's really good for the secure payments.
Any information or ideas will be appreciated too.

Please Log in or Create an account to join the conversation.

  • Posts: 81363
  • Thank you received: 13037
  • MODERATOR
6 years 3 months ago #283377

Hi,

Well, I'm not sure about adding that by default, even as an option. From our experience and the sales on our own website, many legit users have a different email address between the email address used to register on our website and their PayPal account email address.
Adding such check will be painful for you to manage all the false positives. Even myself I always use a different email address.

Please Log in or Create an account to join the conversation.

  • Posts: 61
  • Thank you received: 0
6 years 3 months ago #283455

I totally agree with you, but otherwise, we will have to switch off Paypal at all...

Please Log in or Create an account to join the conversation.

Time to create page: 0.067 seconds
Powered by Kunena Forum