applies buyer column date digital download downloaded downloads email extra file files free help link money move next numbers offer payment paypal product products range receive sales sell send separate site thank-you-page total transaction type wanting

1. I offer a Risk-Free Money back guarantee if they don't like it. I would say I have less than 5% of people wanting their money back and these are $40 e-books.

2. I used to make it so that they were print-protected so the scammers couldn't get free stuff, but then sending a "live" file to my legit customers was a hassle, so I took print-protect off.

3. In the end - if people are scammers - let them have the book and move on with life. Ban their IP from viewing your site and focus on money-making, not administrative crap that wastes your time and effort.

I know this thread is 5-6 months old but I have a similar issue and would love some advise.

First, we sell Drupal themes via download from one of our websites. Themes range from $39 to $99 depending on the theme. Over the past couple of months we have had 3 to 4 transactions where I believe someone gains access to a Paypal account, orders one or more products from us, and then downloads our products from another IP address versus the Billing Info. IP address.

My concern is that we have seen the same "Download" IP address several times with these fraudulent transactions. Looking up the IP address of the downloaded files shows this IP:

IP: 76.12.48.68
NetRange: 76.12.0.0 - 76.12.255.255
CIDR: 76.12.0.0/16
OriginAS: AS20021
NetName: HOSTMYSITE
NetHandle: NET-76-12-0-0-1
Parent: NET-76-0-0-0-0
NetType: Direct Allocation
NameServer: NS3.LNHI.NET
NameServer: NS1.LNHI.NET
NameServer: NS2.LNHI.NET
RegDate: 2007-05-01
Updated: 2008-02-01
Ref: http://whois.arin.net/rest/net/NET-76-12-0-0-1

OrgName: HostMySite
OrgId: LNH
Address: 650 Pencader Drive
City: Newark
StateProv: DE
PostalCode: 19702
Country: US
RegDate: 2001-02-19
Updated: 2008-05-28
Comment: Abuse Contact:
Ref: http://whois.arin.net/rest/org/LNH

So, 76.12.48.68 is seen multiple times in the download IP address info within our sales logs.

I don't understand why we cannot just block any downloads from 76.12.48.68 in the future because this is the IP address used each time to download the files.

I hate scammers...

Any advise or help?

You may want to bring this to the attention of abuse@hostmysite.com and abuse@hosting.com (since the former domain just redirects to the latter), with details of the exact date and time that IP was used for any fraudulent transactions, so they can look up who was using that IP at that time and take whatever action they deem appropriate. In order to get any info from them about the user to take action yourself, you may need to lawyer-up and make formal legal demands or even obtain a court order.

The problem with blocking IPs is that an IP cannot reliably identify any particular user or computer across time. Most end-users' routers typically get assigned a new IP at random from a common pool of IPs maintained by their ISP every time they start using their connection, so blocking one of those IPs would only block whatever random user of that ISP happened to be assigned that IP at that moment (which could become a problem if it happens to be a large ISP). Moreover, even if the IP is static or at least used constantly enough by a given router that it never gets assigned a new IP, that could just be the router for a public WiFi hotspot (commonly used by crooks wanting to hide their trail) or a large organization such as a university campus.

Recently signed on with e-junkie and caught this thread, so headed over to PayPal's policy/legal page. Section 13.3 is of interest:

"""
13.3 Ineligible Items. PayPal Purchase Protection only applies to PayPal payments for certain tangible, physical goods. Payments for the following are not eligible for reimbursement under PayPal Purchase Protection:

Intangible items, including Digital Goods
"""

Looks like intangible goods are ineligible for PayPal Purchase Protection.

95%+ of my buyers download the file(s) with the same IP address used in the "Buyer IP" column of our transaction logs. The only fraudulent ones seem to occur when the Buyer IP address is different from the Download IP address.

Could we have a check box option that says:

"Only allow download(s) from the same IP address as the buyer IP address"

I know that the download links are kicked out to the scammers fake email address and then the download is prompted when they click on the download link itself. But, if the auth. key in the download URL could do a quick authentication against the Buyer IP address used for that purchase it would stop this type of fraud for us, or at least the scammer would have to use the same IP address both both instances.

Can you advise on this?

I just had 3 more transactions today for a total of $600+ from scamming ________ (fill in the blank with what you'd like.

Thanks for the suggestion; we'll add that to the wishlist for consideration as a possible new feature. It occurs to me that might work better along the lines of, "Instantly expire download links accessed from a different IP than the original Buyer IP", but then allow you to override that selectively if you use your "Re-activate expired link" function in Admin.

Meanwhile, one thing you might do is set "PayPal Account Optional: OFF" in the Website Payment Preferences of your PayPal profile settings. That way, buyers would be unable to check out using any credit card numbers and email address they wish to provide; they must use an existing PayPal account or register for one.

That still would not block cases where the fraudulent buyer steals or hacks into someone else's PayPal login, but if you also set up a Common Thank-you Page URL, then buyers would be unable to claim their digital purchase immediately following checkout, and would need to wait to receive the thank-you email message we send with the link to reach their thank-you/download page. Since we only send that message to the buyer's registered PayPal Email address for orders paid via a PayPal account, this means fraudsters would also need to have access to the separate inbox account for the PayPal Email address registered to the PayPal account they'd stolen/hacked to make their payment, so this puts an extra obstacle in their way of obtaining the actual product.

If a particular email or IP address keeps doing this to capture free information, can we block that person here on e-junkie. I just had my first "hustle" and believe if this fellow pays, downloads and reverses, he will do this for everything...and tell his criminal friends.

You can block a particular buyer email or name by entering that in your Seller Admin > Block Buyers / Transactions.

IP address assignments are not perpetual; they are typically assigned to the user at random for each connection session, from a pool of IPs their ISP holds. Moreover, everyone using a given public WiFi hotspot would appear to be using the same public IP, assigned to the WiFi router at that location.

Fraudulent buyers rarely use an ISP connection that can be traced back to them (such as a connection at their home or work), preferring to use public hotspots that make their activity effectively anonymous. By blocking the IP used for a fraudulent transaction, you would block everyone who ever uses that public hotspot, without blocking the fraudulent buyer, who will have skipped along to the next cyber cafe by then anyway.