Dec 2009

Hello,



I woke up this morning to find that someone has purchased ALL of my remaining stock.. Over £200 worth..



How hard would it be to implement some sort of fraud detection - if for e.g. they spend more than £50 or have more than 2 purchases, not to send out the product?



To be honest, I thought this would have been implemented as standard.



Nick

I will send a suggestion to our development department. However, there is no way to guarantee, even with a change like the one you are suggesting, that a person cannot still do this by using a different e-mail address and changing their IP address after every one or two orders.

Fraud is my top priority - and it should be yours too.



How about phone verification - telesign.com



Nick

5 years later

6 years later, ANY NEWS regarding this?



I'm one of the hundred guys selling keys on eBay and receive MANY (!) fraudulent transactions paid with:

- Lastschrift (über PayPal): http://pages.ebay.de/help/pay/methods.html#ELV (that's the German direct debit method where buyers do NOT need an account in order to pay; they pay through eBay's checkout directly by selecting the "Lastschrift" option, filling in their bank code and date of birth, and maybe name, and that's it - the transaction is "directly debited" from their bank account to my PP balance, ZERO protection);

- Payments from buyers who have different eBay and PP addresses (even whole countries; already have blocked from ebay.de/ws/eBayISAPI.dll?BuyerBlockPreferences and blocked ALL buyers outside of DE to not receive any payments from them, but still they bypass this);

- And some more. Not so many CC chargebacks, maybe because I'm not selling into the UK/COM markets, lol.



I need a solution that CHECKS the buyer's IP + headers + user agent + country + address + name. And if his GeoIP location matches the phone location (SMS), for example using the service mentioned above (TeleSign; I'm curious why it isn't integrated yet on E-Junkie after so many years), the transaction passes and the buyer receives the key from EJ. If not, it is automatically refunded and the key is NOT delivered.



It's a pain to lose SO MUCH MONEY to so many fraudsters. And still ZERO "All-in-One" solution against that. I'm not talking about cart software, etc., I'm talking about eBay listings. So here it's not possible to integrate tools like MaxMind, some Magento anti-fraud modules, etc., or I don't know how that could happen.



I don't care about the new admin panel if it's in beta or not, I care about the money. Keep in mind that PayPal have ZERO protection against fraudulent transactions, so ZERO protection for sellers selling 20-30 seconds delivered keys (that can be used one-time-only, that costs €20+ every) to buyers.



I need a solution (eBay + PayPal + EJ + Anti-Fraud protection in real time + TeleSign), not blacklists of users, etc. - scammers are smart and create multiple accs to bypass this, multiple phone numbers, etc., pretty easy for them (not to mention the IP).



When you have passed this to your lead developer, what happens? Something like communication with the eB API > PP API > TS API > EJ API and IF all is fine (e.g. the Lastschrift method was not used, where the transaction is marked as "PayPal Unregistered User"), then the key is delivered. Currently (for years) - no protection, every transaction passes.



Regards.

My eB settings: http://i.imgur.com/JBUzVSF.png



eBay's CS answer:



"many thanks for your inquiry to eBay. We can totally understand your situation in the difficulties with fraudulent payments. You already did the only way to take the focus on Paypal payments.



The way to a solution for you can be an established waiting period after payment so you can control and fetch the money after reliability from your bank account.



One fact to your reassurance: most of your mentioned "bad payers" are not any more members of eBay.



Kind regards"



Haha, when using EJ - no "waiting period" because the buyer receives the good instantly. No such thing possible. And not given any way/solution to block "direct debit" payments.



PP's CS answer:



"You can decide which payments you want to accept automatically, refuse automatically, or review before you accept in your payment receiving preferences.



To choose your payment receiving preferences:



Go to www.paypal.com and log in to your account.

Click Profile at the top of the page.

Click Payment Receiving Preferences in the 'Selling Preferences' column.

Choose from the options to personalise your experience.



Please let us know if you require any further assistance."



And:



"



If you haven’t already created an account for the Merchant Technical Support site, please create one now. Here’s how:



Go to www.paypal.com/mts and click 'Sign Up' in the top right-hand side of the window.

Provide the required information and click 'Create Account'. You can use any valid email address.



After you have created your account, you can submit your question. Here’s how:



Go to www.paypal.com/mts and click ‘Contact Technical Support'.

Fill in the form in as much detail as you can and click ‘Continue…’



We look forward to assisting you further.



It is my pleasure to assist you. Thank you for choosing PayPal."



Again not a solution. Also, PayPal Unregistered users can't be blocked from the "Selling Preferences", neither SMS/IP/Address Matching, nothing. Total disaster for merchants/sellers, especially small ones without whole 3rd party websites, who're trying to build feedback on eB and earn some money that could be used in the future for a better store solution, Google AS, etc.



So here we come again - there is no AIO solution, neither "part" solution. Waiting for answers from experienced sellers + the "leading developer".



Regards.

We can only support eBay sales paid by PayPal, not by any other payment method, because with eBay we depend on receiving IPN from PayPal providing order details when they notify us of a payment, so we can then process that order. This means we have no awareness of the order and thus no influence until after PayPal has already completed the payment.



If you enable settings in PayPal to place payments on hold for manual review, PayPal will not send us IPN confirming completed payment until after you approve it, at which time we would then process the order automatically for you. Make sure you have "Wait for pending payments" checked in your E-junkie Seller Admin > Payment Preferences.



To handle cases where the buyer legitimately paid with their own card or PayPal account and is just claiming a refund to defraud the seller, all you can really do is clearly display a refund policy on your eBay listings stating that all sales are final and no refunds will be given. This may affect your eBay Feedback, but if eBay later suspends the buyer's account due to fraudulent purchases or other violations of their terms, I think they might also remove any feedback posted by the suspended account (please inquire with eBay support to confirm this).



However, the vast majority of fraudulent orders occur where the buyer is using a stolen credit card or hacked PayPal account, when the legitimate account holder is not yet aware their account has been compromised and thus has not yet reported that breach to PayPal or their card issuer. In this case, PayPal or the card issuer may still decline the payment if they detect the buyer may not be legitimate (e.g. Billing address mismatch for card payments, or other factors PayPal may detect for unauthorized access to a PayPal account).



If the payment succeeds at all, this indicates PayPal or the card issuer did not detect anything fishy at the time of payment, so the fraud only becomes apparent when the legitimate account holder discovers the bogus charge to their account and files a dispute about it. This scenario is hard to defend against in any way that PayPal and card issuers are not already doing on their own to protect their account holders.



If you would prefer to issue a key code to the buyer manually after a waiting period, you can already do that by email without any need to involve an instant digital-delivery service like E-junkie at all. For those selling file downloads who may wish to provide our expirable download link to the buyer manually after a waiting period, they can use our "Send free download link" feature to issue the link manually, in which case they would simply forgo setting up the integration to have us issue the link instantly after payment.



You may also wish to see if the provider you obtain keys from has a way to report stolen keys, so they can deactivate such keys and any user accounts they may be applied to.

Regarding "enable settings in PayPal to place payments on hold for manual review" - how to do that, because on paypal.com/cgi-bin/customerprofileweb?cmd=profile-pref there is no such thing available, maybe from elsewhere? PP account from Europe and EUR payments generally. http://i.imgur.com/JR0aQg3.jpg



Also Lastschrift is a German payment method made through PayPal again, so again EJ receives the IPN and so on. The general problem is that those users are mentioned in the PP transaction as "PayPal Unregistered" and there is no such option (tick on EJ) to block them, I mean to NOT send the code to them when they're unregistered on PP (having a Verified PP acc). Browse some more info on the net about this.



I have just checked the IPN history for a transaction like this [Payment From: Some Name (The sender of this payment is Non-U.S. - Unregistered)]. For "payer_status" it says "payer_status=unverified", so definitely somewhere in EJ a rule needs to be set to block sending the code to Unverified payers, right :)?



Also - could you get the IPN status from eBay transactions in order to match the address from eB and PP, and to put such tick on EJ. So if the address matches on both places, to send the code. And another tick for the name (if name matches, again to send the code, optional setting, because there're families that allow children to use their own name as PP or eB name).



Regarding the SMS verification, any info here? Manual review - even if I do that somehow - doesn't help because in my niche there're 10+ Chinese/HK sellers with 200k+ feedbacks, even natural Germans can't beat them or have competitors from Germany, so they send the code in 1-5 minutes, some sellers - up to 30. I don't have any people working for me, neither could I be on the PC 24/7/365, so EJ sending the code in 30s is good but still - not possible to verify the other party.



For example, that "Invoice ID" from EJ that is sent to the buyer could be entered in some website linked with TeleSign. So the buyer enters that unique code in that website, where he enters his shipping address, name, phone and Invoice ID. He receives back on his phone an SMS code, which he enters on the page, and passes to the unique code/key. But he won't receive an SMS if his cellphone location is not in the GeoIP (detected) area where he is from, so therefore the code is blocked from sending and the script automatically refunds the transaction, because it's 90% sure that it is fraudulent. Hijackers can enter name, address, etc., BUT they can't enter the phone. Why?



Because let's say the original owner of the PP/eB acc is in Berlin. The hijacker is from Hamburg. He enters his Hamburg phone but the script says that his address is in Berlin street bla bla, so therefore he won't receive the SMS Code or will be automatically blocked. Or such things, I'm sure that when many digital stores are using this TeleSign thing, then it should be working (don't have any in-depth details, tho). So that kind of option might be added as a separate application/module/script or whatever to EJ. And be used by eBay digital code sellers.



About the "provider from which I obtain the codes if he could deactivate them" - no such option. They're scanned and written in .txt from the Retail Game PC Boxes purchased in bulk or wholesale from big suppliers. No such option for reporting stolen or so, providers can't disable/ban/etc. them, neither can they be "removed" from any user accounts that they may have been applied to.



Regards.

Aside from the Payment Receiving Preferences/Block Payments settings in your screenshot, there's also Website Preferences here:

https://www.paypal.com/cgi-bin/customerprofileweb?cmd=_profile-website-payments



I think that screen may only be available if you have a Business account with PayPal (a free upgrade, at least in the US), but here you can set "PayPal Account Optional: Off" and/or "Express Checkout Settings - Support giropay and bank transfer payments: No":

http://i.imgur.com/UhRLBBk.png



I'm having trouble following what you're trying to describe in some of your other suggestions, but IPN is a one-way transmission from PayPal to us. Once we receive IPN from PayPal confirming completed payment and providing the order details for us to process, all we can do is validate that the IPN actually came from PayPal, which confirms the payment was good and presumably passed whatever fraud checks PayPal can perform at their end. After that, we have no way of checking any other data in the IPN against records at PayPal or eBay or any other party.



You could use our custom/third-party Integration feature to have us forward the order data to an external script or service that would perform additional verification routines before issuing the key from that end, but if E-junkie is not delivering anything to the buyer in this case, there's little point in having us involved at all vs. just having PayPal send IPN directly to that external script/service.



A final note: as far as we're aware, eBay (at least in the US) does not allow selling digital goods which are only provided electronically without also being shipped as a physical copy (e.g. printed hardcopy or on CD), so any use of digital delivery for eBay sales is simply to provide "instant gratification" to the buyer while awaiting physical shipment. If eBay discovers you are selling digital items which are only delivered electronically without also shipping a physical copy, they will remove such listings and may restrict or suspend your account.

http://pages.ebay.com/help/policies/downloadable.html

Website Preference Settings are usually for WEBSITE stores/shops (like Magento, OpenCart, PrestaShop, etc.), for own custom websites. Haven't changed anything there yet.



Now browsed there, the giropay/bank option is turned off by default. Only the setting "PayPal Account Optional:" is On, so now I'm turning it Off. Don't know what this could change because those preferences are not related to eBay's Checkout (yeah, have read the "Learn More" info). Hope this helps, will see in the future because as for today got only 4 x chargebacks (MC'ed eBay user + 3 x unauthorized PP payments). Thank you for your suggestion, tho.



Regarding the eB policy - yeah, I know that. Nowhere have I mentioned that I'm selling into the international/American market. Keep in mind that the law and rules there are not allowing it, but the law and rules on other specific markets are allowing any kinds of downloadable products LEGALLY, including even Accounts (and all electronically delivered by e-mail or other kind of delivery). No problem here.



You haven't explained exactly which option is for "manual review" for every newly received transaction?



Regarding the IPN - check some transaction. You'll see from the IPN history that there is info for "payer_status". That variable can be either "verified" or "unverified". You might add a setting (tick) in EJ to allow or disallow such EJ-transaction for example if the "payer_status" says "unverified" to NOT send the code.



Regarding the other things that I have mentioned above (for address matching, phone detection, etc.) - it seems that I need to ask on other forum(s) and see how that integration could happen (I'm not a programmer).



But generally - keep in mind that PP is the most UNTRUSTED source for receiving payments and for validating, confirming and verifying them. From my 6 years experience it provides ZERO to -10 protection for and of any kind of transactions (tangible or digital). WebMoney is the best choice, no chargebacks, no options for disputes/claims (except Arbitrage that is available ONLY for Personal ID Verified Passports), Business LVL and so on, but that's another story. That's why I was/am looking for such "All-in-One" solution that can provide:



- Instant delivery;

- Instant verification of the order (the funding source + account) and the client (without asking from him to send as scan his ID);

- Instantly delivering satisfaction and user experience, and receiving positive feedbacks (and/or increasing them);

- Minimizing the losses as much as it can.



Currently EJ provides the 1st and the 3rd somehow. But for Digital Goods sellers on eB like me (yeah, I'm definitely not the only one) the 2nd and the 4th are important.



Yeah, I know that for 3rd party E-Commerce like Magento/Presta there're modules that provide some kind of "order checking, verifying" for anti-fraud specifics, including SMS/Phone verification and so on. But that is something that can't be added to eB, I mean - there is no option to add on eB any kind of anti-fraud module, I'm not the owner of the website :wink:. It's upon eB and PP to add such things. But as far as everyone knows - they can't, they don't, they won't, because they prefer to FREEZE PP accounts and to suspend eB accounts for any kind of "suspicious" activities, but that's another story again. That's why again - I'm looking for such solutions.



Regards.

I might have found some solution but it needs EJ's API. Or just to forward PP's IPN (variables) for the approved orders. So:



Buyer > eBay > PayPal IPN > transferred to other service that is doing the verification of each order (if it's fraudulent, hacked, stolen acc, etc.) > that service forwards ONLY approved order-IPNs to E-Junkie > then you deliver the e-goods (key) to the verified buyer's e-mail.



So generally in this 3rd party service is entered your Notification URL (https://www.e-junkie.com/ecom/ipnext.php). The problem is - is it possible to receive such forwarded IPNs from 3rd party website (different from PayPal's site) or it's not possible (because of for example checking signature originating, IP, etc.)? Have you tested by yourselves?

Unfortunately, our IPN handler validates all incoming IPNs with PayPal to verify that PayPal actually sent them, before we'd then process the order; this foils any hackers who may try to obtain free product by spoofing an IPN submission to us from their own server unrelated to PayPal.



Moreover, any third-party verification service would be unlikely to know whether a card or PayPal account has been hacked/stolen any sooner than the legitimate account holder, card issuer or PayPal themselves know, so the only function such a service might offer would be looking for indications of fraudulent activity that PayPal doesn't already check for on accounts that are not already known by anyone to be compromised.
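
The validation step described in the reply above, combined with the `payer_status` rule requested earlier in the thread, as an added example (not E-junkie's or PayPal's code): the decision step of an IPN listener that posts the message back to PayPal and then delivers, holds or rejects. `Gate`, `Policy`, `sample_ipn` and all sample values are hypothetical; the £50 and two-order limits are the ones floated in the first post, and the IPN variable names are PayPal's.

```python
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation
from typing import Callable, Dict, List, Set, Tuple
from urllib.parse import parse_qsl, urlencode
from urllib.request import Request, urlopen

PAYPAL_VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"  # live IPN postback


def paypal_postback(raw_body: bytes, url: str = PAYPAL_VERIFY_URL) -> str:
    """Send the IPN back byte-for-byte, prefixed with cmd=_notify-validate.

    PayPal replies with the body VERIFIED or INVALID.
    """
    req = Request(url, data=b"cmd=_notify-validate&" + raw_body,
                  headers={"User-Agent": "ipn-gate-example"})
    with urlopen(req, timeout=15) as resp:
        return resp.read().decode("ascii", "replace").strip()


@dataclass
class Policy:
    receiver_email: str                      # seller's own PayPal address
    require_verified_payer: bool = True      # the "tick" requested in the thread
    max_gross: Decimal = Decimal("50.00")    # hold larger orders (first post's idea)
    max_orders_per_payer: int = 2            # hold the 3rd and later order per payer_id


@dataclass
class Gate:
    policy: Policy
    verify: Callable[[bytes], str] = paypal_postback
    seen_txn: Set[str] = field(default_factory=set)
    orders: Dict[str, int] = field(default_factory=dict)

    def decide(self, raw_body: bytes) -> Tuple[str, List[str]]:
        """Return ("deliver" | "hold" | "reject", reasons) for one IPN body."""
        # 1. Origin: a spoofed or altered message is dropped here.
        if self.verify(raw_body) != "VERIFIED":
            return "reject", ["postback did not return VERIFIED"]
        # Sample data is ASCII; real IPNs name their encoding in `charset`.
        ipn = dict(parse_qsl(raw_body.decode("utf-8", "replace"),
                             keep_blank_values=True))
        # 2. The payment must be addressed to this seller and not be a repeat.
        if ipn.get("receiver_email", "").lower() != self.policy.receiver_email.lower():
            return "reject", ["receiver_email is not this seller"]
        txn = ipn.get("txn_id", "")
        if not txn or txn in self.seen_txn:
            return "reject", ["missing or repeated txn_id"]
        # 3. Pending payments wait; the same txn_id arrives again once completed.
        if ipn.get("payment_status") != "Completed":
            return "hold", ["payment_status=" + ipn.get("payment_status", "")]
        self.seen_txn.add(txn)
        # 4. Seller rules: any failed rule holds the key for manual review.
        reasons: List[str] = []
        if self.policy.require_verified_payer and ipn.get("payer_status") != "verified":
            reasons.append("payer_status=" + ipn.get("payer_status", ""))
        try:
            if Decimal(ipn.get("mc_gross", "")) > self.policy.max_gross:
                reasons.append("mc_gross above limit")
        except InvalidOperation:
            reasons.append("mc_gross unreadable")
        payer = ipn.get("payer_id", "")
        self.orders[payer] = self.orders.get(payer, 0) + 1
        if self.orders[payer] > self.policy.max_orders_per_payer:
            reasons.append("too many orders for payer_id")
        return ("hold" if reasons else "deliver"), reasons


def sample_ipn(**overrides: str) -> bytes:
    """Constructed IPN body for the demo; every value here is made up."""
    fields = {"txn_id": "TXN-CONSTRUCTED-1", "payment_status": "Completed",
              "payer_status": "verified", "payer_id": "PAYER-CONSTRUCTED-1",
              "receiver_email": "seller@example.com",
              "mc_gross": "20.00", "mc_currency": "EUR"}
    fields.update(overrides)
    return urlencode(fields).encode("ascii")


if __name__ == "__main__":
    # Offline demo: the postback is stubbed; in production leave `verify` unset.
    gate = Gate(Policy("seller@example.com"), verify=lambda body: "VERIFIED")
    print(gate.decide(sample_ipn()))
    print(gate.decide(sample_ipn(txn_id="TXN-CONSTRUCTED-2",
                                 payer_status="unverified")))
```

Only a "deliver" result should reach the step that e-mails the key; "hold" results go to the seller for review.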

So in the end - no API, no IPN handler from 3rd party verification service.



I can't verify the orders if they're paid with a stolen/hacked/hijacked PayPal and/or eBay account, neither for digital-related transactions, nor if I plan to start selling physical (tangible) items. And the only possible way to verify this is when I receive the IPN from PP - the variable called "contact_phone" ("payer_phone"). Using the 3rd party service, it calls the buyer or an SMS is sent to him. He would need to enter the code that he receives (or hears on the phone) into the 3rd party phone verification service (GeoIP detection here) page (which in other words would mean that I - as a seller - will be sure that ONLY the ORIGINAL OWNER is using the PP account, not a hijacker), which is then passed to EJ's IPN Notification URL.



I can't, I don't, neither would any other instrument or tool know "whether a card or PayPal account has been stolen", but I can know if the ORIGINAL OWNER has proceeded/paid me by verifying his PayPal phone. Which reduces the fraud rate up to 98%.



98 PERCENT.





I have been having a conversation by ticket with the phone verification service in the last days. It seems that I can't work with only one of the companies - either with him, but then no instant proceeding of any orders, no 24/7 sending the keys, no automation, no inventory. I can't work with you (EJ) only - because OVER 50% fraud rate so far with the buyers (so I have lost so far around €310, maybe even more in the coming days when the PayPal non-smart algorithms check all of the old transactions or when the original owners see that their accs were hacked). Half of the job - the phone service, the other half of the job - EJ.



Don't know if the other party has already contacted you by e-mail or so, if not - I can give you the e-mail where to write and to contact the other company, and both devs of you to think about a possible solution for this MAJOR & CRITICAL fraudulent-related issue. And to work with each other.



I have been contacted by other eB-sellers - this time from GB, selling digital keys as well. They have the same complaints as me. One of them - like me - suddenly stopped her (woman) sales, and I know why. The other British seller that has contacted me said that "there's not too much you can do" and so, and in the end "other than this you can only just quit" - yeah, but wut, why (he has stopped also, btw).



Regards.

I have to chime in on this that I've come across the same problems. I do think that at the very least e-Junkie should be able to provide more options to us even after PayPal has "verified" a transaction. Many times my fraudulent transactions come in waves from a specific country. I have said before that if e-Junkie gave us options to block transactions from things like country, it would give me more control over fraud. Yes, I know someone can change their IP address, but in the short term it allows me to block more of their fraudulent transactions while still allowing money from legitimate transactions to come in. Then I can still fulfill orders manually to the customers in those countries who I know are legitimate until I feel it's ok to unblock transactions from that country.



I don't know a lot about programming, but I can't see how it would be all that difficult to add more options like countries to the options in blocking transactions. At this point blocking emails, names or specific transaction IDs is practically useless.



Staunch, if you find better options, please let us all know. I have seen other postings on here regarding these same concerns, but they often involve services that complicate the simplicity that I went for when I first started with e-Junkie.

You can block certain countries - if you sell on eBay tho - from eBay's shipping options. For example shipping to ONLY UK addresses ONLY to UK buyers. But that's not the major issue here, because there're BOTH fraudsters from UK, DE, US, etc. - so ANY "white" country has them. Nigeria, other less-known African/Asian countries are not a big problem (for me), they don't know French/Spanish for example, they buy only from .COM listings.



If you're talking about a web store/cart/domain - then you can block certain countries' IP ranges by .htaccess: http://www.ip2location.com/blockvisitorsbycountry.aspx so buyers from blocked countries won't even be able to open your website store (they need to use proxy/vpn to bypass this). But for eBay - you can't do that, I can't, no one can.



E-Junkie needs specific tools, options and so (API, flash-to-DHTML admin panel), drastic changes in order to maintain sellers' needs. Don't know where exactly the problem is because this takes ages (!) http://www.e-junkie.com/bb/topic/5906/pg/0 , but I'm sure that their staff should be way over 10-15 persons and most of them programmers.



If with the new admin panel creation (that's in beta, tested it tho) this would provide a "whole range of features that might/will be added easily in the future" (incl. country blocks, API, integration with phone verification service and so), then sure - why not. But if that won't provide such features (and easy integrations that require zero to 0.01 programming knowledge and skills), I can't see really the benefits of the DHTML panel over the flash one.



---



As you can see - I've found that specific 6-years-old thread from the graveyard and keep posting here, because that's - as niko said (6 years ago) - "Fraud is my top priority". It's useless to send the digital goods to the customer in 1s or in 30s after the sale when they can chargeback at any time (especially for transactions that involve PP - the most INSECURED payment transaction gateway GLOBALLY), even after 12+ months for some banks/cards. Blocking specific countries is NOT a solution because there're LEGIT users from those countries, for sure. The problem is their "screening" - something that can be done by 3rd party services - Signifyd, Kount, MaxMind, TeleSign, OnVerify, Reducefraud, Riskified, Twilio and more, if there were easy (n00b/retard-friendly) integrations with API.

5 months later

Hi again half year later,



Are there any news regarding this (saw that recent news for the new admin panel + site: http://www.e-junkie.com/bb/topic/6998)? Or still not planned ANY l (as I said on my Jan 22, 2015 post): "So in the end - no API, no IPN handler from 3rd party verification service"?



No TeleSign easy switch and/or other 3rd party services. And therefore - frauds keep stands here on eBay orders.





In the past months I managed to understand and verify that when dealing on eBay with buyers there, no seller receives (through IPN) the buyer's phone number (no matter if on the seller's account his settings are set to "ON" to always receive the number or not). The only possible way to receive a phone number is through eBay's API:



http://developer.ebay.com/devzone/xml/docs/reference/ebay/getsellertransactions.html

http://developer.ebay.com/devzone/xml/docs/reference/ebay/getorders.html



People who have Selling Manager and/or Selling Manager Pro, by clicking directly on the order ID, will see the buyer's number. That is the number the 3rd party verification service must verify, and then in the end that service has to "talk/communicate" with E-Junkie saying "order is verified, give him the key/code".



Here're the needs - formatted as a scheme: http://i.imgur.com/IKo2je0.png to be understood fully by anyone.



Regards.

Hello,



I've removed your similar posts in other unrelated threads so that we can address this issue within this topic. I'm very sorry for the misunderstanding, but as Guru has explained previously in this thread, what you are asking for is not something that can be provided.



PayPal is already in charge of authorizing the payment. It is not really possible nor would it be effective for us to insert another step for a third party to double check PayPal's work in order to divine whether or not a payment is valid after PayPal has already processed it.



This is not an area we are exploring for any future development because there's nothing that can effectively be done here that you could not already do by other means.



In short, you can have automatic delivery via our system after a payment is verified by PayPal or you can set up some kind of delayed/manual delivery via a different system that takes the time to further research each buyer, but you can't have fast automatic delivery and delayed verification at the same time (and any kind of additional verification that wouldn't impose a delay isn't doing any meaningful verification).

"It is not really possible nor would it be effective for us to insert another step for a third party to double check PayPal's work in order to divine whether or not a payment is valid after PayPal has already processed it." -> every single payment is valid. The issue is that NOT every single payment is made by an original & genuine PP account owner/holder, because it can be (and is) made by a hijacker (stealer) who purchases the digital (one-time-redeemable) goods from us. That's why such double checks are needed and "a must" these days with tons of fraudulent transactions around the web for almost anything, but mostly for digital content (that is delivered instantly), and hijackers know this as well.



"This is not an area we are exploring for any future development because there's nothing that can effectively be done here that you could not already do by other means. " -> which means that when you can get the PayPal Order Info through IPN, it won't be so hard to go through eBay's API (registering in their eBay Developer Network) and receive through the API the eBay Order Info when a customer is authorized? For example there're tons of listing tools that offer this - authorization and then you see through their admin panel ALL of the eBay Orders, can communicate with the buyers through their panel, send feedbacks and so on. Or is such an integration not possible (even when there're tons of digital goods sellers on eBay that need it and for whom a double verification is a MUST)? Yes, it could take weeks or months but in the end it should be worth it when this could generate a traffic of potential sellers that are going to use the only possible tool in the world offering a double check of a transaction + instantly sending the info right away if it's verified (through the phone, e.g. received info through the 3rd party verification service API that the user was verified).



Manual delivery is not an offer (been doing this in the past months using OnVerify's manual sending thing, it takes so many actions and steps for ONLY ONE single order to be manually sent to the buyer's e-mail after his verification, const. staying on the Thunderbird client 24/7). I was and am looking for something like: eB sends order details (through API) to the 3rd party verification (phone) system > which sends "positive" or "negative" to the auto-delivery system (E-Junkie) and that's it, so EJ to receive messages (IPN/API) info for the transactions directly and only from the verification system, not by the PP or eB directly.



And sending e-mail template to the "positive" verifications with the keycode OR an e-mail template to the "negative" verifications with no keycode (and saying like - "your phone is out-of-date, write us as message your active number OR send us your Proof of ID card, etc."). And all of this to be as one main or an extra product.



Or that is Mission Impossible?

We understand that you want to have room for a third party verification service to inspect transactions between the process of PayPal accepting a payment and our system receiving notice to fill the order (or not), however we have already decided not to implement anything of that nature right now.



The system you are asking for would only create major delays and disadvantages to the order process without providing enough benefit to offset those disadvantages, so we can't justify spending any time to develop this system.



Our development resources are limited, so we have to carefully prioritize where we spend that effort; unfortunately, that means we cannot address any individual requests like this unless there's a clear advantage or a large demand.

@E-JunkieMonster: Check your PM (e-mail) - a reply to your post above.