0044 (0)7401 719619 keith@wats-on.net

I had a bad day yesterday simply because I didn’t read the question carefully… and it’s all a bit bizarre.

It’s exam season here in the UK.  Nearly every morning as the young people (I’m not allowed to call them kids any more) of our household leave for school I repeat “Read the questions carefully…”.  I am joined in this ritual with thousands of other parents and teachers“Read the questions carefully”.

As an on-line merchant I find myself sometimes quite exasperated when I am answering yet another query about a product or process of purchasing that is spelt out in some deliberate and careful detail on the website.

It is a fact that in general people do not read things carefully.

Add me to the list as I have made a ‘faux pas’ which led to a rather weird day yesterday.  It is in fact a bit of a bizarre one which I haven’t totally unravelled yet. 

I received an order yesterday for 4 of Adam Eason’s products totalling nearly £200 but the purchase was with a PayPal echeque and of course the funds are uncleared and will remain that way for 7 to 9 days.  What I didn’t realise was that I had things set incorrectly in my shopping cart and the PDF with download instructions had been delivered immediately.  Problem is that I didn’t realise this until later – all will be revealed

Now we have sophisticated delivery process for security reasons where the download page is created on the fly and is only temporary.  So it is easy for us to see what is going on if we spy behind the scenes.  All very clever BUT…

Anyway the alarm bells really did ring in the afternoon when I saw another order for £770 from the same character.  This is when I discovered what was going on and why. 

As sure as eggs are eggs, and breakable, and delicious to eat, this was a bogus transaction.

I even twittered about it as I was puzzled that my shopping cart (1shoppingcart) would deliver a digital product for a pending uncleared echeque from PayPal.  “Surely not” I wrote on my tweet.

Off to my shopping cart setup.  Ahh! or rather Duurrggghh! All is revealed.

Here in the setup for the PayPal Gateway is this question

Instantly Accept PayPal E-Check Orders? :

By enabling this option, any PayPal E-check orders will be marked as “accepted” automatically.

I had this enabled as I had not read carefully.  I thought I was ticking to accept e-checks.  It was the words ‘instant’ and ‘automatic’ that are important. 

Reading it now I feel stupid.  What is the point in setting up sophisticated security scripts if the basics are leaving you exposed.

I then went on the warpath trying to stop this character from getting all the downloads, which was harder said than done.  It was too late to stop him downloading to his machine the pages with the links to the products.  As the digital products are on a different server to the shopping cart – blocking the IP address on the cart had had no effect and I could see the products being accessed.

As last resort I began to rename some of the download files – problem with this is that it affects legitimate buyers as well. 

Tear hair out time!!!!

Woke up this morning to find the same guy had purchased again – but of course this time didn’t get the delivery because I now have my cart set up correctly.  The order came from yet another IP address so the blocking was no good.

What is really bizarre is that this slippery character appears to have supplied genuine contact information.  The postcode is for the correct street in Manchester and the mobile number is a genuine number although it hasn’t been answered to date.

So if there is anybody living in or near Hatton Street in Manchester who has a baseball club and would like to get in touch with me I have a job – ( I am only joking – better make that clear as somebody may read this – not too carefully)

Anyway not sure what to do but suppose I will contact PayPal to see if they can put a spanner in this guys works.

%d bloggers like this: