XF 2.0 Payment Fraud - Editing prices

M

mikez006

Active member
Someone purchased an upgrade and was able to edit the price to $0.01. We received a payment via Paypal for $0.01.

I refunded the payment and banned the user.

I don't see the upgrade listed in the "Active user upgrades" but they were able to purchase it, so the system didn't block the purchase.

Does XF2 check for this? Is that why the upgrade wasn't added?

Does it also check for other addons that use the payment system? For example we have a "credit" addon that allows members to buy a credit currency on our site.
 
Sort by date Sort by votes
Users can edit the request that goes to PayPal -- that isn't unexpected with the system we use -- which is why we validate that the payment received is both to the person we expect and for the amount expected. This is exactly why the upgrade wasn't processed -- you'll probably see logs indicating this the payment log.

This is handled at the payment system level, so provided add-ons use the built in payment system, then they don't have to worry about it.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

BubbaLovesCheese
  • Question Question
Pricing Tables, Payments, and User Upgrades... How do they work?
Replies
3
Views
67
htsumer
H
P
  • Question Question
XF 2.3 User upgrades with no payment profile?
Replies
7
Views
68
peteGSX
P
robdog
  • Question Question
XF 2.2 Does XenForo store basic credit card information for a subscription payment?
Replies
8
Views
161
Arantor
Arantor
X
Expiring recurring user upgrade should explicitly cancel with payment provider and not assume failure
Replies
1
Views
297
Xon
X
Shortie
  • Question Question
XF 2.2 Not being alerted to a Stripe payment made when a user upgrade is purchased
Replies
9
Views
819
Shortie
Shortie
Back
Top Bottom