Paypal loophole?

by Bai_Mike 13 replies
I have been reading that there is a loophole within paypal when you submit payments.

Is there any way to overcome this problem or catch people who exploit this fraud?
#main internet marketing discussion forum #loophole #paypal
Avatar of Unregistered
  • Profile picture of the author tj
    Originally Posted by zijian View Post

    I have been reading that there is a loophole within paypal when you submit payments.

    Is there any way to overcome this problem or catch people who exploit this fraud?
    Any links where we can read about it?

    Timo
    {{ DiscussionBoard.errors[7623].message }}
    • Profile picture of the author jensrsa
      If you don't encrypt the Paypal code anyone can change your field values, specifically the price, currency and email address although the email address would probably mean that they don't get access to the product.

      Techies can probably decrypt (unencrypt?) the code even if it is encrypted, I'm not sure.

      Jens
      {{ DiscussionBoard.errors[7667].message }}
      • Profile picture of the author peteinoz
        Originally Posted by jensrsa View Post

        If you don't encrypt the Paypal code anyone can change your field values, specifically the price, currency and email address although the email address would probably mean that they don't get access to the product.
        Yes exactly correct!!
        Techies can probably decrypt (unencrypt?) the code even if it is encrypted, I'm not sure.
        Jens
        impossible to 99.999999999999999999 of people out there. your safe if its encrypted

        cheers

        pete
        Signature
        HangoutMillionaire.com World Premeire Automated Video Marketing Software, Streams YouTube Live and Google Hangouts. Special Offer Link!
        Follow me on Twitter http://twitter.com/peterdrew
        {{ DiscussionBoard.errors[7674].message }}
        • Profile picture of the author jensrsa
          People often don't use the encryption when they have a number of products and don't want to set up each one separately but the risk is really not worth it.

          Jens
          {{ DiscussionBoard.errors[7680].message }}
          • Profile picture of the author Bai_Mike
            The loophole is actually pretty simple and just changing the form value of the payment to any value you would like.

            IPN seems to be a good answer to it, since the script processing is two way.

            Another question about IPN. Is it possible to set it up in such a way that when anyone cancels a subscription on paypal side, paypal informs my server and allows me to cancel the person's membership immediately on my website?
            {{ DiscussionBoard.errors[7768].message }}
            • Profile picture of the author imb
              Yes IPN can do almost all automated things you can think of.
              Signature

              {{ DiscussionBoard.errors[7771].message }}
            • Profile picture of the author MikeLantz
              Originally Posted by zijian View Post

              Another question about IPN. Is it possible to set it up in such a way that when anyone cancels a subscription on paypal side, paypal informs my server and allows me to cancel the person's membership immediately on my website?
              Absolutely. That is part of the IPN system. IPN automatically sends a subscr_cancel notification any time someone cancels a subscription.

              Mike
              {{ DiscussionBoard.errors[7773].message }}
  • Profile picture of the author MikeLantz
    There are certainly loopholes with the way certain people and programs implement Paypal for processing payments (no, I won't tell you what they are). However, if you use IPN with a trusted script, there is no loophole for getting products without payment.

    Mike
    {{ DiscussionBoard.errors[7678].message }}
    • Profile picture of the author pjs
      Originally Posted by MikeLantz View Post

      There are certainly loopholes with the way certain people and programs implement Paypal for processing payments (no, I won't tell you what they are). However, if you use IPN with a trusted script, there is no loophole for getting products without payment.

      Mike
      Correct. Your IPN script should verify that the amount paid matches the cost of the item you're selling. If not, it doesn't allow the product delivery.
      Signature
      Mom and Pop Money WSO *** - How ONE Lead Capture Page Made $9K in 2 Weeks in the "Offline" niche!

      PeterSanchez.com >>> FollowPeter.com (Twitter)
      {{ DiscussionBoard.errors[7802].message }}
  • Profile picture of the author imb
    Installing a customized IPN script will solve "hacking" the buy button code issues.
    Signature

    {{ DiscussionBoard.errors[7752].message }}
  • Profile picture of the author samstephens
    It's a VERY good idea to use a script to verify payments via the IPN system.

    If, however, you're not a programmer, check out a download management system like DLGuard - Download page protector, create expiring download links that offers all the security with no programming knowledge needed (as well as the benefit of offer secure download links as well as just a secure sales link).

    At a minimum, if you're not using a download management system, you should ALWAYS use encrypted Paypal buttons.

    This doesn't protect your thankyou/download page, but at least it'll stop most of those 1 cent transactions!

    But it's worth thinking seriously about implementing a download managment system to make your life easier and more secure.

    cheers
    Sam
    Signature
    DLGuard v5 - The Warrior Edition
    Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

    www.dlguard.com
    Serving the Warrior Forum since 2004
    {{ DiscussionBoard.errors[11669].message }}
    • Profile picture of the author Chris Monty
      Agreed. Those $0.01 PayPal hacks are annoying but most of the tools mentioned here should do the trick.
      {{ DiscussionBoard.errors[11683].message }}
Avatar of Unregistered

Trending Topics