maccaj22 Posted November 11, 2004 Posted November 11, 2004 Hi guys, hope someone can shed some light on this problem. I recently received some high dollar value order (for the site), both over $1000 and both paid by credit card, and both were the same customer. I immediately became suspicious of a stolen card etc... I received an email from my gateway payment site (www.eway.com.au) saying that the customers card has be charged $1 for each transaction. How did the customer manage to change the dollar amount on each order from $1000+ to just $1? I am very confused since the site is protected by SSL. thanks.
♥Vger Posted November 11, 2004 Posted November 11, 2004 If you are using the standard PayPal module that comes with osCommerce it is easy for someone to do. They just alter the amount shown on the screen. If you install the PayPal IPN module they can't do this as the data is encrypted. Make sure that you issue a refund for the $1 payments via PayPal immediately, to avoid any possibility of a charge-back scam. Vger
Chris Dunning Posted November 12, 2004 Posted November 12, 2004 Since the original poster has already mentioned a different payment gateway, I doubt this is an issue with the PayPal module. Macca, there isn't much information for us to work with here. Do you know how the infomation is transmitted from your store to the payment gateway? If not, can you show us which module you're using (maybe a link to the contribution)? Chris Dunning osCommerce, Contributions Moderator Team Please do not send me PM! I do not read or answer these often. Use the email button instead! I do NOT support contributions other than my own. Emails asking for support on other people's contributions will be ignored. Ask in the forum or contact the contribution author directly.
maccaj22 Posted November 14, 2004 Author Posted November 14, 2004 Vger, the issue isn't with Paypal. BlueNoteMKVI, I don't know how the data is trasmitted but I have found the link to the contribution from the payment gateway's site. http://www.eway.com.au/support/files/php_eway_xml_v4.zip any help is appreciated.
♥Vger Posted November 14, 2004 Posted November 14, 2004 Yes, sorry, but I missed the address of your payment processor in your original post. I answer so many questions relating to PayPal giving just this problem that I read through your post too quickly. I am not a php programmer, more a knowledgeable user, and so my looking through the code of your present module wouldn't help you. The only thing I can point to is that it is the same problem you get with PayPal, and the underlying reason may well be the same. The standard module doesn't use encryption, whereas the IPN does, and this is what prevents users from simply adjusting the price prior to passing it on for card processing. I would suggest you ask your processing provider if the module provides for encryption of data prior to transmission. Two further points. 1. Make sure that you issue the refund as I outlined. 2. If you don't have your own dedicated ip address and full ssl cert you may want to think about getting them. Vger
Guest Posted November 29, 2004 Posted November 29, 2004 Sorry for raising a somewhat Dead post, but I had a similar problem. I had a customer whom placed an order for 2 products, however on verifying the order (my partner and I validate each order before we send to shipping) I noticed that 1 of the products had the full rate ($26.00) and the second was 0$ (a $270 dollar product). My first thought was that the customer changed the rate going to paypal, but when I looked at his order in the admin CP, I found that his product was actually listed as 0$ in his cart. OK not a problem, must be an issue with that product right....No. I signed in as a user and choose the same products, shipping and payment methods as he and my order was correct. This is a strange problem that I am unsure how this happend, let alone how to prevent it. I am far from a programmer, but is it possible for a customer to 'inject' an amount to thier cart on checkout? Does any one have any ideas? Some stats that might or might not be relavant: I have had 84 orders with no issues. 1 with an issue (problem at hand) OSC 2.2-MS2 HTTP Server: Apache/1.3.33 (Unix) FrontPage/5.0.2.2635 PHP/5.0.2 mod_ssl/2.8.22 OpenSSL/0.9.7e PHP Version: 5.0.2 (Zend: 2.0.2)
♥Vger Posted November 29, 2004 Posted November 29, 2004 osCommerce is not compatible with php5. There is a known problem with one file in admin, which is admin/includes/classes/upload.php (line 31) and the definition $this=null. This can be cured there quite easily, but the $this definition is used right throughout osCommerce for various things. Don't know if this is the cause of your problem, but php5 is an unknown element, and shouldn't really be installed on live web servers at the present time. Vger
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.