在IPN文档的末尾,它显示以下内容:
Important: After you have authenticated an IPN message (that is, received a VERIFIED response from PayPal), you must perform these important checks before you can assume that the IPN is both legitimate and has not already been processed:
1.Check that the payment_status is Completed.
2.If the payment_status is Completed, check the txn_id against the previous PayPal transaction that you processed to ensure the IPN message is not a duplicate.
3.Check that the receiver_email is an email address registered in your PayPal account.
4.Check that the price (carried in mc_gross) and the currency (carried in mc_currency) are correct for the item (carried in item_name or item_number).
如果其中一项检查失败,你该怎么办?我们是否应该以某种方式调用PayPal API来"拒绝"交易?
大多数商店都会将未通过这些检查的订单/交易标记为"可能的欺诈"或类似的行为。订单状态应提高处理订单的员工的意识——仔细查看应显示哪项检查失败,并可以采取进一步行动。
这可能包括为交易退款,以及联系PayPal以获取可能的欺诈企图。在任何情况下,都应该检查订单,而不仅仅是将其视为任何其他"已完成"订单。
示例场景:
-
您正在使用未加密的网站支付标准HTML表单来接收付款。
-
欺诈买家发现并开始通过编辑提交的表单修改商品价格
-
您收到的订单是已付款的,并且没有根据交易检查您店铺内订单的价值
-
一名员工没有发现这一点,一件价值200美元的物品被寄出,支付0.01美元的