antifraud - response for pbanette

[html]The only part I am curious about is Thomas’s Statement:

“email was generated automatically by the antifraud system”

What is the anitfraud system.

Don’t want to know if a response is going to continue this thread[/html]

Because the tread was closed I can responde only opening a new thread.

Maybe you remember Paypal exploit !

and there are some on this forum, make a search… or google is your fiend.

After having received some nice fraudulent payments and lost a lot of money, we have developed a module, can be called antifraud, to verify paypal payments.

Let me explain:

In most cases the hackers are gathering the paypal passwords and/or the credit card data, or simple they are exploiting the paypal.

There are a lot of methods.

But they can not use the email address used for paypal to get the ordered products.

(in most cases they don’t have the access data to the email box)

Our module verifies if the paid amount is the same as the product price (total price).

Also verifies if the paypal user is verified and the email addresses match and some other criteria … (maybe a hacker read this post, ha ha)

If there is a “difference”, the order will be not processed automatically (we are selling digital goods and services) and an email is sending automatically to the email address which is used for paypal (and not to that one entered during the order process!) and requesting the payment confirmation.

That’s all in some words, no harrasing, no sensitive data.

The original thread reopened

I will admit that many parts of this mod sound very good. The only thing I question is I would NEVER want to harrass a customer to send their Paypal email or a copy of their email.

One option may be to send an email that an order was placed with the email on their Paypal account and if they did not place the order please let you know. Then you would tell all of your customers there would be a 24 hour wait. I guess you could offer both.

Another option is to send them an email to their email account on Paypal that puts a password to be able to download the software.

These are just ideas. I’m sure others have many more. My only point is I would never contact a customer asking them to send a copy of the Paypal email or the name on their account.

[quote name=‘clips’]Another option is to send them an email to their email account on Paypal that puts a password to be able to download the software.[/QUOTE]

I’ve bought software with this type of security and I thought it worked really great. As a customer I just had to login to the store and enter a code to be able to download my software. Basically the software was available to download right away and there wasn’t a waiting period, but I had to enter a code to be able to access it.

By sending a code for the customer to enter into your site to download the software it will also allow the customer to dispute the charge if it was done without their authorization.