Question
We are localizing our website and we want users to be able to pay in USD and EUR, based on their location. Everything is in place, we detect the country based on IP and we choose a currency accordingly. However there is one fraud possibility we haven't tackled yet.
We want to prevent our users from paying in USD (the USD price is cheaper) when they are actually in Europe (in case they use a proxy), so I want to use Paypal's residence_country for a double check during or even before payment.
I know I can check the residence_country of the user in the POST data sent to our Paypal IPN notify url. If the country is not the US, I can decline any USD payment by automatically refunding the amount back to the user. Refunding however is not very neat and I noticed that for example Spotify is able to decline a subscription payment before you even pay. So they don't work with refunding. How does this work? How are they able to decline a payment via Paypal before the payment is finished?
It would be nice to be able to pass a country code to Paypal saying "this payment can only be done by a US citizen" but I haven't found such an option in the docs here: https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/Appx_websitestandard_htmlvariables/
(Yes we use recurring payments for Payments Standard)
Thanks :)
Answer 1:
With PayPal RESTful APIs, you obtain a user’s consent to make Identity API calls on their behalf by redirecting them to the authorization endpoint. Once you obtain the authorization, you can request granular user information from PayPal including user's locale and phone_number.
https://developer.paypal.com/docs/api/#get-user-information
This information should be sufficient to establish which price level applies.
Answer 2:
With PayPal Express Checkout API, when you request the token and user data with GetExpressCheckoutDetails, ask for their &COUNTRYCODE=
Then, if it does not match the price they selected, do not charge but use DoVoid (it reverses an order or an authorization that a merchant has made with a customer), reset pricing according to the value of &COUNTRYCODE, and request a new token. (PayPal will drop the payment authorization after about two days on its own. No need to refund anything if you didn't charge.)
See:
https://developer.paypal.com/docs/classic/express-checkout/integration-guide/ECGettingStarted/#id0832BC00JY4
(Be warned: when selling to Europeans, you may be required to register for VAT tax in Europe in a country of your choice if you cross a threshold amount of total revenue per year in any one country of the EU. And then the Europeans wonder why they have to pay more. Excessive red tape drives the costs up.)
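The server-side check described in answer 2, as an added example that is not part of the original answers: it parses a GetExpressCheckoutDetails NVP response and decides whether to charge, re-price or reject, failing closed when the country is missing. The sample responses are constructed, and the USD-only-for-US rule (taken from the question), the function names and the ACK/TOKEN/PAYERID fields are assumptions beyond what the page shows.

```python
from urllib.parse import parse_qs

# Assumption from the question: the cheaper USD price is only for US residents.
USD_COUNTRIES = {"US"}

# Constructed sample NVP response bodies (not real PayPal output).
SAMPLE_US = "TOKEN=EC-CONSTRUCTED1&ACK=Success&PAYERID=CONSTRUCTED1&COUNTRYCODE=US"
SAMPLE_DE = "TOKEN=EC-CONSTRUCTED2&ACK=Success&PAYERID=CONSTRUCTED2&COUNTRYCODE=DE"
SAMPLE_MISSING = "TOKEN=EC-CONSTRUCTED3&ACK=Success&PAYERID=CONSTRUCTED3"


def parse_nvp(body):
    """Decode a URL-encoded NVP body into a flat dict (first value wins)."""
    pairs = parse_qs(body, keep_blank_values=True)
    return {key.upper(): values[0] for key, values in pairs.items()}


def required_currency(country_code):
    """Currency the payer must be charged in, given PayPal's country code."""
    return "USD" if country_code.upper() in USD_COUNTRIES else "EUR"


def review_checkout(nvp_body, offered_currency):
    """Return (action, currency) for a pending Express Checkout token.

    'charge'  : country matches the offered price, safe to complete payment.
    'reprice' : mismatch; do not charge, reset the price to `currency`
                and request a new token, as answer 2 describes.
    'reject'  : the response cannot be trusted, so fail closed.
    """
    fields = parse_nvp(nvp_body)
    if fields.get("ACK") not in ("Success", "SuccessWithWarning"):
        return ("reject", None)
    country = fields.get("COUNTRYCODE", "").strip()
    if len(country) != 2 or not country.isalpha():
        return ("reject", None)  # never fall back to the IP-based guess
    needed = required_currency(country)
    if needed == offered_currency.upper():
        return ("charge", needed)
    return ("reprice", needed)


if __name__ == "__main__":
    for body in (SAMPLE_US, SAMPLE_DE, SAMPLE_MISSING):
        print(review_checkout(body, "USD"))
```

The decision uses only the value returned by PayPal in the server-to-server response, so a proxy that defeats IP geolocation does not change the outcome.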
Source: https://stackoverflow.com/questions/23571286/how-to-decline-a-paypal-payment-if-not-from-a-given-residence-country