Using Paypal's IPN to check for fraud

cmdr_bond

Hello,

I have been trying to understand how the Paypal IPN script works. I want to be able to check to see if the payment amount the customer is paying is the right amount. I'm concerned that someone who's malicious, could put the "buy now" button on their site with the same variables as I have but just change the price paid for the goods to a lower value. How could I have Paypal check to see if it is the right amount?
I have the script to make this calculation, but I just dont know where to add it...

Thanks!

AstroTeg

A somewhat bullet proof way is to keep track of what they ordered and be able to total it up. The total you can then compare against the PayPal IPN transaction. If the paid total and the calculated total don't match up, then there was a problem. Trick is, you'll have to keep track of the order itself, which items where ordered, and what the order total was (including things like shipping and tax if need be). In a case like this where a thug snags the code and tries to tweak the values and run it on another web server, its do-able. But if you're checking if the order exists, and the order amount matches the paid amount, then you will know if the transaction was good/valid and can send the goods out (otherwise, you've got a bad order and some money for it).

cmdr_bond

Okay, so all i need to do is make sure that order doesnt get mixed up with my real ones and I just pocket the money the person tried to cheat me with.

Thanks