minglou 0 Posted August 26, 2004 Hi guys, These days i experienced some paypal fraud ( maybe it is not fraud), i used orignal paypal module comes with MS2 i sell item with instant download via oscomerce shopping cart, item name: xxx, and the price is:$20.00, a guy come from taiwan, ordered a item and he just only paid $0.01 and he got the instant download. Finally, i found how he did that 1. He creat a fake account 2. he login in and order the item and checkout and then the page redirect to paypal checkout page. The URL like this: https://www.paypal.com/cgi-bin/webscr?amoun...php&cmd=_xclick and then he change the amout from 20.00 to 0.01 and refresh the page, so you can see the item price changed to $0.01 ( that easy ha), and login in his paypal account and ordered with $0.01 and he got the download item. ( i think this way works with most online business accept paypal, especially instand download, that is even worse) Until now i haven't find a way to protected, i want to hide the address bar from explorer, so they don't the exactly URL is, maybe not works, i am not sure. what about PAYPAL IPN, Does it works with this kind of way to prevent this problem? Guys, i need some opinions, how to stop this? sean Share this post Link to post Share on other sites
JohnnyVegas 0 Posted September 1, 2004 PayPal IPN will solve this problem for you. Do it. Share this post Link to post Share on other sites
New 