在IPN文档的最后,它说明了以下内容:
Important: After you have authenticated an IPN message (that is, received a VERIFIED response from PayPal), you must perform these important checks before you can assume that the IPN is both legitimate and has not already been processed:
1.Check that the payment_status is Completed.
2.If the payment_status is Completed, check the txn_id against the previous PayPal transaction that you processed to ensure the IPN message is not a duplicate.
3.Check that the receiver_email is an email address registered in your PayPal account.
4.Check that the price (carried in mc_gross) and the currency (carried in mc_currency) are correct for the item (carried in item_name or item_number).
如果其中一项检查失败,您应该怎么做?我们是否应该以某种方式调用PayPal API来拒绝'交易'?
答案 0 :(得分:0)
大多数商店会将未通过这些检查的订单/交易标记为“可能的欺诈”或类似的内容。 订单状态应该提高员工处理订单的意识 - 仔细查看应该显示哪个检查失败并且可以启动进一步的操作。
这可能包括退还交易以及联系PayPal以进行可能的欺诈尝试。在任何情况下,都应检查订单,而不仅仅将其视为任何其他“已完成”订单。
示例场景:
您使用未加密的网站付款标准,HTML表单来接收付款。
欺诈性买家通过编辑提交的表单找出并开始修改商品的价格
您收到订单作为付款,并且不会根据交易检查商店内的订单价值
员工没有发现这一点,并且发出价值200美元的物品以支付0.01美元