New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Bug: Pending Paypal Payments credited twice #1116

Open
openmtbmap opened this Issue Jul 25, 2017 · 9 comments

Comments

Projects
None yet
4 participants
@openmtbmap

openmtbmap commented Jul 25, 2017

Since 2 days Paypal must have changed something about pending payments - s2member cannot cope with it correctly and credits the payment twice - s2member should only credit the payment on succesfull completion!
Note that if the payment is for an extension - the account will be extended twice. If the payment is for a new account - the account itself is fine (not credited twice the time) - but the payment notification email is sent twice with identical text and the user also gets a second time the email to register (New user registration email).

I guess this is about payments where payer pays without credit and wires the money to paypal.

Paypal Messages by email:
PayPal payment not completed yet
Dear ...........

per Email an **************** just sent you money with PayPal.

The payment is currently being processed and shown as "Pending" in your PayPal account. This indicates that the amount has not yet been credited to your PayPal account.

Important: Please hold shipment of any goods until the payment is shown as "Completed" in your PayPal account. You will be notified by email as soon as this is the case.

Payment Details:

Amount: €15,00 EUR

Transaction ID: ***************

Second email after clearance:

Payment Successfully Completed
Dear ...........

The payment from ............... was completed successfully. We have already credited the amount to your PayPal account.

You can now ship the item.
Payment Details:

Amount: 15,00 EUR

Transaction ID: ..................

Buyer's Email: ........................

S2member payment notification emails:
there is no difference - on both paypal pending notice and payment succeded the following message is sent:
(s2Member / API Notification Email) - Payment

subscr_id: *********
subscr_baid: ************
subscr_cid: ************
currency: EUR
currency_symbol: €
amount: 15.00
txn_id: *************
item_number: 1::1 Y
item_name: €15 gives you 1 year VeloMap access extension
first_name: ***********
last_name: **********
full_name: ************
payer_email: ************
full_coupon_code:
coupon_code:
coupon_affiliate_id:
user_first_name: ********
user_last_name: Bichlmaier
user_full_name: ************
user_email: **************
user_login: *****
user_ip: ************
user_id: 412
country_code: Germany
cv0: www.velomap.org
cv1: ************
cv2: DE
cv3: DE
cv4: +49-
cv5:
cv6:
cv7:
cv8:
cv9:

@openmtbmap

This comment has been minimized.

openmtbmap commented Jul 25, 2017

IPN messages relevant details - for the Payment succeeded IPN message:
IPN type: Transaction made
mc_gross=15.00&invoice=&protection_eligibility=Eligible&address_status=confirmed&payer_id=&tax=0.00&address_street=****&payment_date=13:43:26 Jul 24, 2017 PDT&payment_status=Completed

First IPN message about the pending payment:
IPN type: Transaction under review
mc_gross=15.00&invoice=&protection_eligibility=Ineligible&address_status=confirmed&payer_id=***********&address_street=&payment_date=13:43:26 Jul 24, 2017 PDT&payment_status=Pending

If you need logs - I can enable logging. But please please please - make sure paypal works correctly. It's a PITA right now to use paypal and s2member - more and more bugs. It would be best if you could move to REST API away from IPN. Paypal tech support in Austria told me that it is likely IPN will be discontinued within 12-18 month timeframe and is considered outdated by now.
Already before s2member did not correctly work with pending payments. Please review everything about pending payments - the corrrect way would be to have a new email sent to the user to tell him payment is pending and wait for further emails on payment suceeded. On arrival of pending payment no other action should be taken. Same goes for paypal complaints - only if the complaint is lost/payment returned action should be taken like deleting/demoting user - before nothing should happen. Right now paypal means loads of manual work as s2member simply does not work correctly (neither in buyers not in sellers point of view)

@openmtbmap

This comment has been minimized.

openmtbmap commented Jul 25, 2017

Actually the reason is "payment review" - Paypal Germany and Austria must have changed something in their risk assesement - I get now 20% or so of incoming payments as under review - makes this bug High Importance for sellers with large German customerbase. Clearing comes within 24 hours (1-23 hours later).

This means lot's of manual work..... Not good at all with the current situation. Hard to see why s2member cannot cope with it - the IPN type and payment_status are really clear...

@jaswrks jaswrks self-assigned this Jul 28, 2017

@jaswrks

This comment has been minimized.

Member

jaswrks commented Jul 28, 2017

@openmtbmap Thanks for reporting! :-)

I am taking a look at this. Yes, please send any logs that you have, as those will help us identify any additional use cases that pertain to German transactions specifically. You can send those to us using the private contact popup at https://s2member.com/support and please reference this URL: #1116

@openmtbmap

This comment has been minimized.

openmtbmap commented Jul 29, 2017

Sorry - I called paypal to switch off payment validation except for very high risk accounts - because the bug caused me too many problems. I don't think I have any logs of those payments - the important thing is the IPN Type or the payment_status - both should be enough to analyze what is going wrong.

I'm not sure how to differentiate in this vs pending payments due to e-check payments - they take up to 14 days to validate - while the pending payments under review are usually done within 2-3 hours (however can take up to 24 hours but no longer) - this seems to be some form of fraud prevention where paypal again tries to put some more burden of responsibility towards the seller vs themselves. 99% of those payments should be going through without any hassle.

While payments pending from e-checks should be created as subscriber first - (and then best would be an email form to the buyer telling that account gets activated as soon as e-check is debited) - and then account activated with IPN message that payment arrived.

Why like this? Well many people know that e-check hole of paypal - and never actually send the e-check. I have like 70% payments never arriving here. However as e-check and direct debit are not possible to be separately enabled/disabled I have to live with that paypal hole - because too many customers pay with direct debit (95% of payments going through). Direct Debit payments and Payments under review should be activated directly - and if IPN arrives that payment felt - account demoted to subscriber - no further emails needed in this case. Trusting the buyer up-front in this case should be the norm if it's digital items (if you actually ship physical items or need to pay for each digital item sold some license fees - well then this would be different, but if it's just the normal case that the item for yourself does not cost any money - then the 1-5% drop rate giving account as paid for should be fine.)

Definitely the account and emails should not be offered twice as right now.

Full IPN message with details removed:
mc_gross=15.00&invoice=5*************&protection_eligibility=Eligible&address_status=confirmed&payer_id=&tax=0.00&address_street=&payment_date=13:43:26 Jul 24, 2017 PDT&payment_status=Completed&charset=windows-1252&address_zip=86926&first_name=FIRSTNAME&option_selection1=412&option_selection2=IP-Adress&mc_fee=0.76&address_country_code=DE&address_name=per Email an ***** (email@email.com)&notify_version=3.8&custom=www.velomap.org|IP-Adress*|DE|DE|+49-&payer_status=verified&business=seller@email.com&address_country=Germany&address_city=Greifenberg&quantity=1&verify_sign=&payer_email=email@email.com&option_name1=Referencing Customer ID&option_name2=Customer IP Address&txn_id=&payment_type=instant&last_name=LASTNAME&address_state=&receiver_email=seller@email.com&payment_fee=&shipping_discount=0.00&insurance_amount=0.00&receiver_id=*********&txn_type=web_accept&item_name=€15 gives you 1 year VeloMap access extension&discount=0.00&mc_currency=EUR&item_number=1::1 Y&residence_country=DE&shipping_method=Default&handling_amount=0.00&transaction_subject=&payment_gross=&shipping=0.00&ipn_track_id=*********

mc_gross=15.00&invoice=59765bcd40f9c~IP-Adress**&protection_eligibility=Ineligible&address_status=confirmed&payer_id=96Z9EEJBF9RTW&address_street=Föhrenweg 9&payment_date=13:43:26 Jul 24, 2017 PDT&payment_status=Pending&charset=windows-1252&address_zip=86926&first_name=FIRSTNAME&option_selection1=412&option_selection2=IP-Adress**&mc_fee=0.76&address_country_code=DE&address_name=per Email an ***** (email@email.com)&notify_version=3.8&custom=www.velomap.org|IP-Adress**|DE|DE|+49-&payer_status=verified&business=seller@email.com&address_country=Germany&address_city=Greifenberg&quantity=1&verify_sign=AKzaD7UBp7FOkG.-3hMfmm437PmUAu2EnZeF18htIQngYmEns-1K1dYz&payer_email=email@email.com&option_name1=Referencing Customer ID&option_name2=Customer IP Address&txn_id=*************&payment_type=instant&last_name=LASTNAME&address_state=&receiver_email=seller@email.com&payment_fee=&receiver_id=&pending_reason=paymentreview&txn_type=web_accept&item_name=€15 gives you 1 year VeloMap access extension&mc_currency=EUR&item_number=1::1 Y&residence_country=DE&transaction_subject=&payment_gross=&ipn_track_id=5cea20ab721ba

@thegun1980

This comment has been minimized.

thegun1980 commented Jul 31, 2017

@raamdev

This comment has been minimized.

Contributor

raamdev commented Aug 5, 2017

@thegun1980 You are getting these notifications because you subscribed to this GitHub issue. If you don't want to get these notifications, click the "Unsubscribe" link in the email or on the GitHub issue itself.

@openmtbmap

This comment has been minimized.

openmtbmap commented Aug 8, 2017

Here is the Log (can also email you the rest of the details) - for a pending payment - in this case the payment is not going trough - this is a real pending as it was an echeck payment (it seems paypal now kinda tries to resort in some cases to echeck even for subscriptions if charge via credit card fails - don't really know how this is possible as you cannot sign up to subscription without credit card) - s2member simply does not care about payment-status pending!:

LOG ENTRY: Fri Jul 28th, 2017 @ precisely 10:14 am UTC
PHP v7.0.20-1~ubuntu16.04.1+deb.sury.org+1 :: WordPress v4.8 :: s2Member v170722 :: s2Member Pro v170722
Memory 11.07 MB :: Real Memory 10.00 MB :: Peak Memory 12.33 MB :: Real Peak Memory 10.00 MB
openmtbmap.org/?s2member_paypal_notify=1
User-Agent: PayPal IPN ( https://www.paypal.com/ipn )
Array
(
    [mc_gross] => 13.00
    [invoice] => 51e8435222629~........
    [protection_eligibility] => Ineligible
    [address_status] => confirmed
    [payer_id] => SH3BTKPTN6KBQ
    [address_street] => .......
    [payment_date] => 03:13:49 Jul 28, 2017 PDT
    [payment_status] => Pending
    [charset] => windows-1252
    [address_zip] => 44575
    [first_name] => ********
    [option_selection1] => openmtbmap.org
    [option_selection2] => ********
    [address_country_code] => DE
    [address_name] => ******** ********
    [notify_version] => 3.8
    [subscr_id] => I-2HNJRT5G15C1
    [custom] => openmtbmap.org
    [payer_status] => verified
    [business] => email@gmail.com
    [address_country] => Germany
    [address_city] => ******
    [verify_sign] => AO8aE1Z7ZwIae5T4w.Xyv5sspWjlAAtDwXiEhYW8iax1.ZxbIbU4fiM0
    [payer_email] => ********@********.net
    [option_name1] => Originating Domain
    [option_name2] => Customer IP Address
    [txn_id] => 96294073DL4198023
    [payment_type] => echeck
    [last_name] => ********
    [address_state] => 
    [receiver_email] => email@gmail.com
    [receiver_id] => Z89X4K6BZYG2E
    [pending_reason] => echeck
    [txn_type] => subscr_payment
    [item_name] => 1
    [mc_currency] => EUR
    [item_number] => 1
    [residence_country] => DE
    [transaction_subject] => 1
    [payment_gross] => 
    [ipn_track_id] => 8fbb7f373c388
    [option_selection] => openmtbmap.org
    [option_name] => Originating Domain
    [s2member_log] => Array
        (
            [0] => IPN received on: Fri Jul 28, 2017 10:13:57 am UTC
            [1] => s2Member POST vars verified through a POST back to PayPal.
            [2] => s2Member originating domain (`$_SERVER["HTTP_HOST"]`) validated.
            [3] => s2Member `txn_type` identified as ( `subscr_payment|recurring_payment` ).
            [4] => Sleeping for 15 seconds. Waiting for a possible ( `subscr_signup|subscr_modify|recurring_payment_profile_created` ).
            [5] => Awake. It's Fri Jul 28, 2017 10:14:12 am UTC. s2Member `txn_type` identified as ( `subscr_payment|recurring_payment` ).
            [6] => Updated Payment Times for this Member.
            [7] => Payment Notification Emails have been processed.
        )

    [subscr_gateway] => paypal
    [subscr_baid] => I-2HNJRT5G15C1
    [subscr_cid] => I-2HNJRT5G15C1
    [level] => 1
    [ccaps] => 
    [ip] => ********
    [currency] => EUR
    [currency_symbol] => €
)
@openmtbmap

This comment has been minimized.

openmtbmap commented Aug 8, 2017

And here is the log entry when paypal told the website that the payment failed (now account should be demoted - but does not happen!):
On pending payment s2member here should not take any action, and then if it fails demote account - if it goes through then do take action. That's really not good currently.

LOG ENTRY: Tue Aug 8th, 2017 @ precisely 5:43 am UTC
PHP v7.0.20-1~ubuntu16.04.1+deb.sury.org+1 :: WordPress v4.8.1 :: s2Member v170722 :: s2Member Pro v170722
Memory 8.07 MB :: Real Memory 6.00 MB :: Peak Memory 8.20 MB :: Real Peak Memory 6.00 MB
openmtbmap.org/?s2member_paypal_notify=1
User-Agent: PayPal IPN ( https://www.paypal.com/ipn )
Array
(
    [mc_gross] => 13.00
    [invoice] => 51e8435222629~******
    [protection_eligibility] => Ineligible
    [address_status] => confirmed
    [payer_id] => SH3BTKPTN6KBQ
    [address_street] => ******
    [payment_date] => 03:13:49 Jul 28, 2017 PDT
    [payment_status] => Denied
    [charset] => windows-1252
    [address_zip] => 44575
    [first_name] => ******
    [option_selection1] => openmtbmap.org
    [option_selection2] => ******
    [address_country_code] => DE
    [address_name] => ****** ******
    [notify_version] => 3.8
    [subscr_id] => I-2HNJRT5G15C1
    [custom] => openmtbmap.org
    [payer_status] => verified
    [business] => ******@gmail.com
    [address_country] => Germany
    [address_city] => Castrop-Rauxel
    [verify_sign] => AymMdsLKZ-6woPHNtrNQXV8vaK9NAKQQMQ5GSm3y8HjDAUxmFPDqq1Ux
    [payer_email] => ******@******.net
    [option_name1] => Originating Domain
    [option_name2] => Customer IP Address
    [txn_id] => 96294073DL4198023
    [payment_type] => echeck
    [last_name] => ******
    [address_state] => 
    [receiver_email] => ******@gmail.com
    [receiver_id] => Z89X4K6BZYG2E
    [txn_type] => subscr_payment
    [item_name] => 1
    [mc_currency] => EUR
    [item_number] => 1
    [residence_country] => DE
    [transaction_subject] => 1
    [payment_gross] => 
    [ipn_track_id] => 655e153822669
    [option_selection] => openmtbmap.org
    [option_name] => Originating Domain
    [s2member_log] => Array
        (
            [0] => IPN received on: Tue Aug 8, 2017 5:43:19 am UTC
            [1] => s2Member POST vars verified through a POST back to PayPal.
            [2] => s2Member originating domain (`$_SERVER["HTTP_HOST"]`) validated.
            [3] => Ignoring this IPN request. The `txn_type/status` does NOT require any action on the part of s2Member.
        )

    [subscr_gateway] => paypal
)
@openmtbmap

This comment has been minimized.

openmtbmap commented Aug 10, 2017

well as I disabled the verification I now get like 5 failed payments per day incoming - which s2member cannot cope with.
Really s2member needs to sort this out - once payment cancellation comes in - s2member needs to demote to subscriber - best would be however to set it up in such a way - that if the next subscription payment does go through - the user is becoming old level again however.

In these cases strangely enough paypal does not cancel the subscription - so if the account is chargeable at the next period - the payment would be picked up again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment