Jump to content
Sign in to follow this  
BradWaite

PayPal passthrough

Recommended Posts

Hi all,

 

I was originally going to build my own php shopping cart until I found osCommerce. One of the ideas I had was to completely insulate the customer from PayPal's interface by handling the entire process behind the scenes. This means we wouldn't have to worry about customers that are scared off by PayPal, and we still keep the benefit of PayPal's dirt-cheap rates.

 

Here's how it would work:

 

At check out, the customer enters credit card info into osCommerce. Then OSC makes the purchase through PayPal with the customer's information. To do this, PayPal asks for an email address. OSC would provide a valid but private email address (paypal1@mysite.com). Once the purchase is confirmed (through IPN?), OSC cancels the PayPal account.

 

There are a couple of caveats I've thought of so far:

 

1. If the customer already has a PayPal account and has that credit card on file with them, PayPal won't allow the new account to be created. In this case, we'd have to tell the customer we use PayPal and then use the regular PayPal payment module or ask them to use a different card.

 

2. A secure server would be required. I'm not too worried about insecure transactions regarding a shopping cart, or even my customer's contact info. But when we're talking credit cards, there's no way I'm going to take that info insecurely and pass it on to PayPal (even if I can pass it on in a secure fashion with CURL).

 

3. On a busy site, there would have to be more than one email address used to create the accounts. These would have to be defined beforehand, since PayPal sends the account confirmation to the email address provided. As far as I can tell, they don't keep you from cancelling an account and signing up again.

 

4. In some cases, customers have to add checking account information before PayPal will process the credit card. Why, I'm not sure, but it's still something to deal with. In this case, I'd just pass the user off to the regular PayPal modules.

 

5. Personally, as a CYA measure, I'd want to tell customers what's going on, maybe in the Conditions of Use section. Then give them the option of signing up with PayPal there if they really want to.

 

Your thoughts?

Share this post


Link to post
Share on other sites

There are a host of problems with this approach not the least of which is that it is against the PayPal Terms of Use and it is, in fact, not achievable due to the "Security Test" (prompts user to type in code from image).

 

But the better reason not to do it is that it will likely cost you sales and increase your fraudulent transactions. The group of PayPal detractors is tiny but vocal. And nearly 50% of PayPal payments are non-credit card and thus less subject to fraud and being charged back.


Patrick Breitenbach

Share this post


Link to post
Share on other sites
There are a host of problems with this approach not the least of which is that it is against the PayPal Terms of Use and it is, in fact, not achievable due to the "Security Test" (prompts user to type in code from image).

 

Patrick, I wouldn't have guessed someone from PayPal would actually be on the list and paying attention.

 

I wasn't aware of the violation of terms of use, but it is most certainly achievable. Basically the idea was to proxy the PayPal signup using CURL. That way, everything that gets sent from PayPal is passed on to the user (except maybe the email as discussed previously).

 

I haven't read the terms of use recently, but doing this wouldn't be any more against the rules than a standard web proxy would.

 

But the better reason not to do it is that it will likely cost you sales and increase your fraudulent transactions. The group of PayPal detractors is tiny but vocal. And nearly 50% of PayPal payments are non-credit card and thus less subject to fraud and being charged back.

 

You've got the internal stats, but I would tend to disagree. In my personal experience, over 99% of my sales transactions have been from a credit card. Plus, as other people have mentioned in this forum, they have doubled their sales by adding another payment processor other than PayPal.

 

And how would it increase fraudulent transactions?

 

I look forward to your response. As well, thoughts from other users.

 

Brad Waite

Share this post


Link to post
Share on other sites

If you take a look at our sign up pages you'll see a "Security Test" that is specifically designed to prevent automated signups.

 

I've yet to see evidence that PayPal decreases sales.


Patrick Breitenbach

Share this post


Link to post
Share on other sites
If you take a look at our sign up pages you'll see a "Security Test" that is specifically designed to prevent automated signups.

 

I know what you're referring to, but I'm not talking about automated signups. If OSC is just acting as a proxy and passing everything from PayPal on to the user, including the image and the form field, it's not a problem.

 

Think of it as "assisted signups".

 

I've yet to see evidence that PayPal decreases sales.

 

Check out http://forums.oscommerce.com/viewtopic.php?t=23336, page 3.

 

Don't get me wrong - I don't hate PayPal as others do. It's been one of the best tools in my sales aresenal. But that doesn't mean that I don't want to do everything I can to maximize sales.

Share this post


Link to post
Share on other sites

What would be nice if we could have a way to pass through the customers

info name,address etc, so they do not have input this info twice. I have not set up the paypal IPN module yet, but evidently it does not do this.

Jim

Share this post


Link to post
Share on other sites
What would be nice if we could have a way to pass through the customers

info name,address etc, so they do not have input this info twice. I have not set up the paypal IPN module yet, but evidently it does not do this.

 

Actually, Jim, it does.

 

I'm extremely impressed by the the IPN code. Pablo went all out on it.

Share this post


Link to post
Share on other sites

To me, when I play human on the internet and not a coder ... :shock:

 

The use of PayPal is great as it's only one place that knows my personal information not 27 thousand places ... and I personally get ticked off when a place does not take PayPal.

 

But then I hate giving every tom, dick and harriette my private information about my credit cards when I do not know these folks from adam and anyone can look good and be a rat 8)

Share this post


Link to post
Share on other sites
If OSC is just acting as a proxy and passing everything from PayPal on to the user, including the image and the form field, it's not a problem.

 

Oh, I understand. This is not worthwhile for at elast two reasons: 1) you will frequently return the "new user" page to existing PayPal users since you won't be including the cookie we set for existing PayPal users and 2) we instruct PayPal users to never, ever supply information if the Address: doesn't read "https://www.paypal.com".

 

But then I hate giving every tom, dick and harriette my private information about my credit cards when I do not know these folks from adam and anyone can look good and be a rat.

 

This is a good point and highly underestimated by e-shop owners. In fact, consumers are frequently wary of providing their credit card information to someone they do not know and one reason why they are likely to see higher sales volume with PayPal.


Patrick Breitenbach

Share this post


Link to post
Share on other sites

Patrick,

 

While we've got you here, Patrick, can you comment on the non-existant customization of the checkout page on Paypal.

 

I think that it would help a great deal if we could customize the Paypal checkout page, similar to what "2checkout" is doing.

 

It would then be seemless to the customer. I get at least a half dozen emails a week saying that they would have ordered, but they didn't like that they had to leave my site. They actually suggested that they would prefer that I accept their CC info directly. With 2checkout, they think that I am.


-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Share this post


Link to post
Share on other sites

You can display an image in the upper left with the "image_url" field (for best results, create an image that is 150 x 50 pixels and served from https).

 

You can set the background to black by including:

 

<input type="hidden" name="cs" value="1">

 

I don't know what to tell you with respect to customers preferring to give their credit card information to you. Over 20 million users have provided it to PayPal. I'd be interested to have a look at the emails to see what the concerns are if you wanted to forward them to me.


Patrick Breitenbach

Share this post


Link to post
Share on other sites

Well, it is strictly against my privacy notice to forward you a customer's email, but here are some portions of their emails.

 

...thanks for your interest. FYI the problem I encountered was with PAYPAL.

Not their problem, really. I had established an account with them a while

ago and since that time I changed my email address. PAYPAL has a way of

dealing with this situation but it looked like it was going to take me some

time to sort it all out and I just decided to save myself the effort and go

to a site that would accept credit cards directly. ..

 

Hi, why don't you accept credit cards directly, but instead use Paypal?

 

I can not be registered, my country is not present in the list...

FYI Republic of Moldova

 

Maybe if you were to make it a little easier to

order such as my address and card billing info on the same webpage i might

reconsider ordering some computer games from you as I order about 4 monthly.

 

When we finally got past that, the PayPal site was essentially the same thing, and once we got that filled out, the site was down and said to come back later.

 

I found very incovenient going through paypal. the first time i tried to pay for Never Winter Nights, it did not bring me back to the site as the warning on the site stated. so i was in a situation wherein my account was charged but have no idea if wizards got my order. Then I got an email confirming that i paid for a different game.

 


-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Share this post


Link to post
Share on other sites

BTW, Patrick,

 

You can set the background to black by including:

 

<input type="hidden" name="cs" value="1">

 

Where?

 

I think this functionality is awesome, and I didn't know about it. Personaly I like Paypal, and I think that if my customers took the time to read my FAQs, they'd like you too. However, I find that the majority of customers would rather give me their credit card numbers than to be directed to your site. I've actually lost sales because people didn't realize that I offered an alternative to paypal. When I first added that alternative, my sales increased almost 30%.

 

Is there any way I can make the header the same as it is on my webpage normally? Also, if I change the background to black, will you be able to read it, or do the letters automatically change to white?


-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×