Dave



I'm sorry you are going to have to look for this on the PayPal website.

I did and you can't! Feature is only there for payments that are in a currency you do not hold.

Have you tried emailing PayPal support?

https://www.paypal.com/cgi-bin/webscr?cmd=_contact-general

Thanks for the tips, Tyson. Limiting the number of items to buy to 1 is a great little feature. Hadn't noticed it before. Off goes the check mark!

Landro

• Add adjustable time delay to delivery after completed payment. It seems some transactions are not immediately flagged for review which results in items being sent right before the review. A delay could possibly allow the PayPal or Google and the credit card systems time to catch up and flag the transaction prior to e-junkie sending product.

I could not agree more with that! That would be a HUGE plus. Paypal will usually suspect fraud in the first 5-10 minutes after the transaction goes through. So if you can set a timed delivery to anywhere from 1 minute to 12 hours i think that would eliminate a lot of problems, at least from what i have personally experienced.



In terms of manually accepting Paypal payments... yeah that's fine if your at your PC all day, which even if i was, i would prefer not to be anyway.



I have just recently been involved with E-junkie and selling codes. I went fully automated and all was great until a few little hackers stole a Paypal account or two and take everything you have in a short amount of time, even with limiting 1 per transaction.



I am looking forward to hearing if we can get that feature implemented in the near future.

Just so you know, we're looking into the feasibility of some extra security measures that could reliably catch suspicious buying patterns and block our system from fulfilling sales that match those patterns. That's all I can say for now, just wanted to let you know we're working on possible solutions for your concerns.

Good to know, Tyson, thank you.



Blocking certain countries from purchasing would be another worthwhile feature.

You can already block specific countries in your PayPal account settings. :^)



If you are configuring your products with Shipping/Buyer's Address, you can combine the block at PayPal's end with permitted Shipping Destinations you select in E-junkie Seller Admin > Cart Shipping Settings, so buyers would be unable to select a forbidden country in the cart nor during checkout.

You can already block specific countries in your PayPal account settings. :^)



If you are configuring your products with Shipping/Buyer's Address, you can combine the block at PayPal's end with permitted Shipping Destinations you select in E-junkie Seller Admin > Cart Shipping Settings, so buyers would be unable to select a forbidden country in the cart nor during checkout.

Thats a US only feature, Tyson. As is blocking sales from non confirmed addresses. Which would be another nice addition for the rest of the world .........



I do wish companies like PayPal would realise that there ARE users outside of the USA....

Fully agree with these feature requests. Limit 1 purchase per PP email/IP per time X limit would be helpful.



I recently had an buyer attempt to get codes via a Paypal check, but was glad to see e-junkie didn't ship. The e-check later failed.



I have been using the techniques mentioned. Limited stock, buy now rather than a cart, and limit 1 seem to be working well.

How hard would a throttle feature be?



On / Off check box. "Limit user to 1 purchase every _____ hours."





email/ ip address is added to blocked buyers list for the chosen time period, and then removed after the time has expired.





Possible? Hard to implement?

We are working on some filtering approaches to limit obvious fraud that won't also block legitimate buyers. There's no point in pursuing a cure that's worse than the disease, and fraudsters will often use a different stolen PayPal email for every purchase and/or reset their connection or move to a different public hotspot to get a new IP to hide their tracks. For obvious reasons we cannot share the details of what we're planning, but it should work fairly transparently and automatically without needing you to enable any setting nor really do anything special at all.

I have to take issue with a "cure that's worse than the disease" reference. I have suggested a simple (a few days coding and testing), easy to understand, and easy to implement with your existing tools fix for one kind of fraudulent purchase.



As some one who has seen firsthand both sides of fraud, I'll tell you that it's not the guy who is going to change PP address or IP addresses that worries me. That takes time. Fraudsters have access to 100's of Paypal accounts true, but due to PP's fraud checks they don't always have a matching IP address, or similar computing environment. When they finally do find a PP account that works, their next step is to milk it for all it's worth, while keeping in mind not to trigger unusual usage patterns.



This is where my suggestion comes in, especially in regards to digital downloads. It would eliminate the effectiveness of a hacked paypal account that has passed these tests and are free for multiple uses. As soon as it works once, it's likely that it will be used again and again until depletion. If they then had to wait 2 6 or 12 hours between jobs, it would make it much less inviting.



Anyway, just a polite nudge to have another think about the idea. I'll leave it at that.

Thanks for your suggestions, and rest assured we'd actually considered and debated quite some time ago the very same approaches you proposed. It became readily apparent that such measures would wind up blocking far more legitimate sales than fraudulent ones -- this is what we mean by a "cure worse than the disease" -- so even making it an optional setting would only be giving merchants an opportunity to shoot themselves in the foot.



With 7000 merchants subscribed to use our service and logging their transaction details in our database, we have a very thorough grasp of both legitimate buying patterns and fraudulent patterns as well. The solution we're working on will work quietly in the background and is designed to block clearly fraudulent activity in a way that's nontrivial for fraudsters to work around (unlike simple email/IP blocks), yet without unduly affecting legitimate buying activity.

Ok, time to revisit this issue. In the last 2 weeks I am down about $200 in fraud. All of it comes from unauthorized Paypal buyers in quick succession. 3-5 purchases in a row that apparently fly's under the radar of fraud detection.



I really don't understand what is so hard about an optional throttle?



If user=new, limit purchase x1 in 72 hours.



The check box could be:



Limit first time purchasers to 1 purchase ever ___ hours.





I know Paypal is not designed well to handle digital goods, but a simple optional throttle, even with no options, would be a simple fix.



I can live with 1 fraud purchase per hacked account, but the 3-5 purchases begin to hurt.

As Tyson mentioned, our development team is working on a solution, however there is not a timeline as to when that solution is going to be ready to introduce to our system. Most software companies only release updates once every year or so.



As for adding in a way to keep buyers from purchasing more then once for a set amount of time. The fact is adding any new feature to a program requires not just programing the feature but integrating it with our system and then making sure it does not cause errors with other parts of our system. This feature requires our system to ignore orders if information in the order already matches a recent order in our system, this means that when the payment processor sends us the information on the order, we would then need to check the transaction log for your account and verify all the information that Paypal sends us, which will not include a PayPal login or credit card number, so we would be going on information like e-mail address, which most people have more then one of or IP address, which means if more then one legitimate buyer at say a coffee house wants to buy a product, they will not be able to. After getting that setup, we would need to design the interface and then still test it to verify it does not cause new problems with our system and finally release the feature to the general public.