Prevent fraud orders?

[gothstone]

Staring about 2 months ago we started getting a rash of fraudulent orders. Always from Indonesia (thou they started using US proxys after I tried IP blocks), always in the $1000-$2000 range which is high for our orders, and never with the correct CVV code. Talked to paypal, they helped us get all the fraud settings set. Didn't get any more, figured it was effective. But looking back we never got a warning email about a fraud order, and we are set to. Since then I finaly upgraded from 1.3.9 to 1.5.4. Today we started getting the fraud orders again. I double checked, Fraud Mgmt Filters - FMF is set to yes. Called Paypal. They say the site is "currently setup, with Paypal.com API signature or certificate. You need to integrate it to use my PayPal manager credentials instead of API from paypal.com".
Well, my credentials are set under Paypal Express Checkout, but then again so are my API settings.

So can zencart function as they want? Are the Fraud Management functions working for others? Anyone have any other ideas?

One further, and hopefully irrelevant note, after the upgrade to 1.5.4 I was having an issue with the geographic region error. PM'ed DrByte with all the log files and info. He suggested changing line 1755 from

PHP Code:

$order->info['total'] = urldecode($response['AMT']); 


to

PHP Code:

if ($order->info['total'] < 0.01 && urldecode($response['AMT']) > 0) $order->info['total'] = urldecode($response['AMT']); 


which resolved the issue. I'm hoping that didn't somehow bypass the fraud management, but putting forward the info just in case.

[mumzie]

Did you ever figure this one out?