Gotchas of Automating PayPal Transaction Processing
By Angsuman Chakraborty, Gaea News Network, Sunday, December 30, 2007
PayPal provides an API to automate transaction processing. This is great for businesses selling electronic products. Automated transaction processing speeds up order processing and is somewhat expected by a large section of internet-savvy buyers. However, it has some caveats, as we found yesterday.
We sell Translator Plugin Pro for $30 using a simple online PayPal button with two data entry fields. It takes you to the PayPal site, which allows you to specify the quantity but not the unit price, for obvious reasons. However, today we got a payment of $0.01 (yeah, one cent only), of which PayPal’s fee was $0.01, leaving me with a net payment of $0.00, no kidding! How did this happen?
The problem is that the PayPal form has the price embedded as one of the hidden fields:
<input name="amount" value="30.00" type="hidden">
Because this value is sent from the buyer's browser, it can be changed to any amount before the form is submitted; PayPal then processes whatever price it receives.
PayPal does have a solution to this problem: you can encrypt the form fields. Your item price and other details are then encrypted and cannot be easily altered. Unfortunately, Option Fields are not compatible with encrypted buttons. Selecting encryption means you cannot use option fields or create email links, which prevents a merchant from requesting the additional information from buyers needed to fulfill the order.
What is the way out of this catch-22 situation?
One simple way is to check the payment actually received against the expected price before fulfilling the order. Fulfill automatically only when the amount is right; otherwise, refer the order for manual processing.
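As an added illustration of that check (example code written for this page, not PayPal's code or the plugin's own order handler), the function below decides whether a PayPal payment notification may trigger automatic delivery. It compares the gross amount and currency against a catalog price times the quantity, and sends anything that does not match (the one-cent payment above, a wrong currency, an incomplete payment, or a repeated transaction id) to manual review. The field names mc_gross, mc_currency, payment_status, item_number, quantity, receiver_email and txn_id are PayPal IPN variables; the catalog key, merchant address, transaction ids and both sample notifications are constructed for the example, and the postback that verifies the notification with PayPal is assumed to have been done by the caller, since it needs the network.

```python
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

# Constructed catalog: item_number -> (unit price, currency).
# The $30 price follows the post; the item identifier is an assumption.
CATALOG = {
    "translator-plugin-pro": (Decimal("30.00"), "USD"),
}

# Constructed sample notifications (not real PayPal traffic).
GOOD_IPN = {
    "txn_id": "CONSTRUCTED-TXN-1",
    "receiver_email": "sales@example.com",
    "payment_status": "Completed",
    "item_number": "translator-plugin-pro",
    "quantity": "1",
    "mc_gross": "30.00",
    "mc_currency": "USD",
}
# Same order, but the hidden amount was changed to one cent before submission.
TAMPERED_IPN = dict(GOOD_IPN, txn_id="CONSTRUCTED-TXN-2", mc_gross="0.01")


@dataclass(frozen=True)
class Decision:
    action: str   # "fulfill" or "manual_review"
    reason: str


def _money(value: str) -> Decimal:
    """Parse a money string to two decimal places; Decimal avoids float drift."""
    return Decimal(value).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def decide_fulfillment(ipn: dict, verified: bool, seen_txn_ids: set,
                       merchant_email: str = "sales@example.com") -> Decision:
    """Return "fulfill" only when every check passes; anything else goes to a human.

    `verified` is the result of the caller's postback of the notification to
    PayPal; an unverified notification is never trusted. `seen_txn_ids` is the
    caller's record of already-processed transactions (a set here; a database
    table in a real shop) so one payment cannot trigger delivery twice.
    """
    if not verified:
        return Decision("manual_review", "notification not verified with PayPal")
    if ipn.get("receiver_email", "").lower() != merchant_email.lower():
        return Decision("manual_review", "payment not addressed to this merchant account")
    if ipn.get("payment_status") != "Completed":
        return Decision("manual_review", f"payment_status is {ipn.get('payment_status')!r}")
    txn_id = ipn.get("txn_id")
    if not txn_id or txn_id in seen_txn_ids:
        return Decision("manual_review", "missing or already-processed txn_id")
    item = CATALOG.get(ipn.get("item_number", ""))
    if item is None:
        return Decision("manual_review", "unknown item_number")
    unit_price, currency = item
    if ipn.get("mc_currency") != currency:
        return Decision("manual_review", f"expected {currency}, got {ipn.get('mc_currency')!r}")
    try:
        quantity = int(ipn.get("quantity", "1"))
        gross = _money(ipn["mc_gross"])
    except (KeyError, ValueError, ArithmeticError):
        return Decision("manual_review", "unparseable quantity or amount")
    if quantity < 1:
        return Decision("manual_review", "quantity must be at least 1")
    # The price the merchant set, not the price the form carried, is the reference.
    expected = unit_price * quantity
    if gross != expected:
        return Decision("manual_review", f"expected {expected} {currency}, received {gross}")
    seen_txn_ids.add(txn_id)
    return Decision("fulfill", f"{quantity} x {ipn['item_number']} paid in full")


if __name__ == "__main__":
    seen = set()
    for label, ipn in (("legitimate", GOOD_IPN), ("tampered", TAMPERED_IPN)):
        d = decide_fulfillment(ipn, verified=True, seen_txn_ids=seen)
        print(f"{label}: {d.action} ({d.reason})")
```

The comparison is an exact match rather than a "paid at least the price" test, so overpayments and odd quantities also land with a human; that is the conservative reading of "only fulfill when the price is right". The checks on receiver_email and payment_status matter as much as the amount: a correct amount sent to a different account, or a payment still pending, is no better than a one-cent one.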