cancel
Showing results for 
Search instead for 
Did you mean: 

We welcome your ideas on how we can help improve our documentation and merchant integration services and features. We can't guarantee that ideas will be implemented but your ideas and kudos on ideas will give us valuable insights and feedback we can showcase to our product and developer teams.

By submitting an idea you agree to the PayPal Community Help Forum Agreement and specifically the sections pertaining to user submitted feedback and content.

Include if Buyer has used 2-factor to approve payment.

Include if Buyer has used 2-factor to approve payment.

Since the rise of fraud coming from PayPal buyers is getting critical... you need to start supplying more information in the GET orders details after a Buyer approves the payment through the PayPal terminal. So Merchants can decide the risk factor if that so-called-buyer is the real owner of the PayPal account, or some hacker.

 

Your current process: 

  • Merchant site presents cart and button to pay using PayPal.
  • User clicks PayPal button to pay.
  • User is directed to PayPal (now entirely out of Merchants hands).
  • User falsely logs into someone else's paypal account (to commit fraud).
  • User 'confirms' the payment and is directed back to merchant site.
  • At this point Merchant gets order details via API, and only receives a buyer name/email.... very little to go on for score detection.
  • After merchant captures funds, later down the line the REAL owner of the paypal account files a chargeback dispute and costs the merchant time and money.

This cycle then goes on and on because so many paypal accounts are being hacked in on a daily basis because most paypal accounts do not have 2-factor enabled to protect them from such intrusions and false payment authorizations.

 

So, as a helpful bit of information, it would be nice if the API returned in the payer(object) wether or not that user had successfully gone through 2-factor or not to authorize the payment. A simple API return field of:

    valid_2factor (bool)

    true/false

10 Comments
MTS_Christina
Moderator
Options
Status changed to: New

Hi @Frigidman,

 

We appreciate your detailed feedback. It's a part of our mission to provide a secure interaction for both our Consumers and Merchants. As such, I will take this feedback back to our development teams to find a solution (or integrate yours) on this.  

 

Thanks,

Christina 

Frigidman
Contributor
Options

Anything extra in the payer object will help matters I think.

 

We have been thinking up various ways to try and curb the unauthorized transaction disputes for awhile now.

 

Thank you for the response.

Isummerlin
New Community Member
Options

I think yall need to send an email to  verify  the order before yall just take it out of some one acc

RedSoloBlaze
Contributor
Options

true

Frigidman
Contributor
Options

Re: "I think yall need to send an email to  verify  the order before yall just take it out of some one acc"

 

For one, we don't just "take it out of someones account"... the only information we are provided from PayPal is "yes this user authorized this transaction, go ahead".

 

For another, not to have bloated the original post, we already do an emailing challenge to their PayPal reported Email Address with a verify code they must enter to complete checkout. However, the problem is two fold:

 

1: People who have had their PayPal account hacked, seem to also have their gmail/hotmail breeched (used same password like they should not be).

 

2: PayPal does nothing to stop a hacker from CHANGING the Primary Email on the PayPal account. They can do this without any challenge code send to the ORIGINAL Primary Email address. So a hacker can just change it to what they want for the short period they are going to mass-do fraud orders on multiple stores.

 

Both of those situations make sending a validation code from our end, meaningless. Even though we still do it. It has not stopped the fraud, or even slowed it down.

NDDM1MAMA200
New Community Member
Options

Adding fund for paypal account should be well understood

And merchant needed online for very tim

Tintun
Contributor
Options
  • Screenshot_2020-08-24-01-28-39-901_com.android.browser.jpg

Sharkman10
Contributor
Options

Purchase tools from lan,jianvheng on face book on December 6 2020 ,74.58 and they sent me cheap kidds sunglasses did not recive tools company is a scam 

DuvallTobias
Contributor
Options

True

Frigidman
Contributor
Options

The hell is with all the **bleep** replies that have nothing to do with the topic at hand? No WONDER so many paypal accounts get hacked, if thats the kind of people who are out there using paypal. Just saying...