Hi,

Can we assume that the payment is completed for a transaction when the customer is auto returned to our site?

PayPal advises us to use their IPN system for other types of payment, like an e-check, but also tells us to tell the customer something along the lines of "Thank you for your payment. Your transaction has been completed, and a receipt for your purchase has been emailed to you. You may log into your account at www.paypal.com/ca to view details of this transaction."

What are the downfalls of not using IPN, and just assuming the payment is completed when PayPal auto-returns users to our site?

Thanks!

+1  A: 

Relying solely on the return URL is a pretty bad idea. It would be easy for a bad guy to skip payment and just visit your return URL to complete the order.

There is a pretty comprehensive article about this here

PaulG
Our form values are encrypted - so normally they don't have access to the return URL - but I decided to go the IPN approach - seems to be more robust, safe and secure overall.
stringo0
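An added example, not part of the original thread and not PayPal's own code: an IPN listener that marks an order paid only after PayPal's `cmd=_notify-validate` postback answers `VERIFIED` and the message matches the order, while the auto-return page only reads that state. The in-memory `orders` dict, the use of the `invoice` field as order id, the merchant address and the UTF-8 charset are assumptions for illustration.

```python
import urllib.parse
import urllib.request
from decimal import Decimal

IPN_VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"  # live postback endpoint

# Constructed sample message (not real PayPal traffic).
SAMPLE_IPN = (b"invoice=INV-1001&txn_id=TESTTXN1&payment_status=Completed"
              b"&receiver_email=shop%40example.com&mc_gross=19.99&mc_currency=CAD")

def paypal_postback(raw_body):
    """Send the message back unchanged; PayPal answers VERIFIED or INVALID."""
    req = urllib.request.Request(IPN_VERIFY_URL, data=b"cmd=_notify-validate&" + raw_body)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().strip() == b"VERIFIED"

def handle_ipn(raw_body, orders, seen, merchant_email, verify=paypal_postback):
    """Update the order from an IPN message and return the outcome."""
    if not verify(raw_body):
        return "rejected: not verified by PayPal"
    msg = dict(urllib.parse.parse_qsl(raw_body.decode("utf-8")))  # assumes UTF-8 IPN charset
    order = orders.get(msg.get("invoice"))
    if order is None:
        return "rejected: unknown order"
    if msg.get("receiver_email", "").lower() != merchant_email.lower():
        return "rejected: wrong receiver"
    paid = (Decimal(msg.get("mc_gross", "0")), msg.get("mc_currency"))
    if paid != (order["amount"], order["currency"]):
        return "rejected: amount mismatch"
    status = msg.get("payment_status")
    key = (msg.get("txn_id"), status)
    if key in seen:  # retries are dropped; a status change on the same txn still gets through
        return "ignored: duplicate"
    seen.add(key)
    if status == "Pending":  # e.g. an e-check that has not cleared yet
        order["state"] = "awaiting_clearance"
    elif status == "Completed":
        order["state"] = "paid"
    else:
        return "ignored: status " + str(status)
    return order["state"]

def return_page(order):
    """Auto-return handler: reads the order state, never changes it."""
    if order["state"] == "paid":
        return "Thank you for your payment."
    return "We are waiting for PayPal to confirm your payment."
```
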