Just got two $0.01 orders - but have no such products...

[jnms]

Hi, I just recieved two payments via Paypal made to my shop. These orders where both from the same guy who made a payment of $0.01 - thing is I don't have any products on my site for that amount.

Is this something to worry about? Could it be a 'hacking' attempt?

Also I didn't receive the [NEW ORDER] e-mail that the store normally would send. And there is no record of an order in the 'orders' section in the admin panel. Though I can see the customers name and account details...

[Kim]

What version of Zen Cart? Which PayPal module is installed?

[jnms]

Version 1.3.8a, using PayPal IPN.

[WiSeeker]

Hi, I just recieved two payments via Paypal made to my shop. These orders where both from the same guy who made a payment of $0.01 - thing is I don't have any products on my site for that amount.

Is this something to worry about? Could it be a 'hacking' attempt?

Hey, did you recently setup PayPal? Both PayPal & Google Checkout carry out couple of penny transactions to verify your bank account setup. I don't think you have anything to worry. You might want to confirm this with PayPal.

[Website Rob]

Hi, I just recieved two payments via Paypal made to my shop. These orders where both from the same guy who made a payment of $0.01 - thing is I don't have any products on my site for that amount.

Is this something to worry about? Could it be a 'hacking' attempt?

Also I didn't receive the [NEW ORDER] e-mail that the store normally would send. And there is no record of an order in the 'orders' section in the admin panel. Though I can see the customers name and account details...

By the sounds of it, I would say it was a hacking 'probe' to see what would happen.

As you don't have any pricing for 0.01 cents but somebody was able to place one, they obviously knew how to get around an error page. Not sure about Google but I know PayPal uses two (2) payment deposits of different amount and more than 0.01 cents, when confirming a Bank account. Then they ask you to insert the amount they deposited to confirm your account. Could be they've change that amount though, so it's good advice to check with PayPal.


As to seeing the Customers Name and Account details, that is a default function of Zen Cart regardless of the Order payment being successful/unsuccessful. I'm hoping that gets changed. Although it can be helpful in troubleshooting valid Orders that had a payment problem, it can be confusing as well as somewhat of a Security issue... but maybe that's just me?

[DrByte]

Might have been some sort of probe to look for vulnerabilities or test payments.
Zen Cart won't record an order if the payment doesn't match an order for which it's waiting confirmation, so you won't end up with rogue orders in your database from that.

I'm not sure what you're referring to about customer information though. If you're referring to the details of who paid you when looking at the transaction in PayPal, that's to be expected ... PayPal tells you who paid the amount.

If you figure the transaction is rogue, I recommend refunding it ... that way they won't do any chargeback.

[rwallis]

Sounds like "carding", the practice of trying out stolen credit cards to see if they are still valid.