Jump to content

Disable Client's Ability To Pay Any Amount

Ken

By Ken
in Feature Requests

 Share

Recommended Posts

Cody Newbie

Cody

Posted
Posted

In other words a client would only be allowed to pay the value listed on the invoice (e.g. not pay more, not pay less)?

 

Obviously, the biggest caveat with this is nonmerchant payments that come in. Blesta has no control over those, so that would still allow payments to pay more or less than the amount due on an invoice and add credits willy-nilly.

Link to comment
Share on other sites
Ken Newbie

Ken

Posted
  • Author
Posted

In other words a client would only be allowed to pay the value listed on the invoice (e.g. not pay more, not pay less)?

 

Obviously, the biggest caveat with this is nonmerchant payments that come in. Blesta has no control over those, so that would still allow payments to pay more or less than the amount due on an invoice and add credits willy-nilly.

 

Really?  I didn't know this.  For example if you make a PayPal standard payment it appears to let you modify the amount but on the Blesta side.  Once you submit the payment it redirects to PayPal to pay the amount.  Are you saying the "Edit Payment" functionality is not able to be disabled in Blesta?  I don't recall that in any previous billing systems but that's not to say that it wasn't there, it could be escaping my memory.

 

In a worst case scenario I'd like to be able to make it slightly less available like it is on the non-merchant gateway.  ie.  Edit Payment link vs. Being prompted on the submit payment payment page.  

Link to comment
Share on other sites
Cody Newbie

Cody

Posted
Posted

When payments originate from third-party sources Blesta doesn't have control over them. That's just the nature of the process. When Blesta constructs the form data that is sent to PayPal or any other nonmerchant gateway, it's (generally) treated more as a suggestion by the gateway that the user should pay the given amount. It's entirely possible that someone could submit payment to your PayPal account that gets sent to Blesta in an amount Blesta didn't suggest or expect. It's even possible for users to submit payment without ever visiting your Blesta installation.

 

Now, that said, it would be possible to enforce through the interface that user pay the exact amount due on the invoice, but it would be misleading to suggest that Blesta could strictly enforce such a rule if accepting something other than credit card and ACH.

 

I'm actually more interested in what UI improvements we can make to ensure that user's don't mistakenly pay more than they intend to. I'm curious how this happened as Blesta fills in the amount due by default.

Link to comment
Share on other sites
Ken Newbie

Ken

Posted
  • Author
Posted

When payments originate from third-party sources Blesta doesn't have control over them. That's just the nature of the process. When Blesta constructs the form data that is sent to PayPal or any other nonmerchant gateway, it's (generally) treated more as a suggestion by the gateway that the user should pay the given amount. It's entirely possible that someone could submit payment to your PayPal account that gets sent to Blesta in an amount Blesta didn't suggest or expect. It's even possible for users to submit payment without ever visiting your Blesta installation.

 

Now, that said, it would be possible to enforce through the interface that user pay the exact amount due on the invoice, but it would be misleading to suggest that Blesta could strictly enforce such a rule if accepting something other than credit card and ACH.

 

I'm actually more interested in what UI improvements we can make to ensure that user's don't mistakenly pay more than they intend to. I'm curious how this happened as Blesta fills in the amount due by default.

 

When you say third-party I am assuming you mean non-merchant gateways with hosted payment pages such as Paypal.  That being the case how would they do this?  If I pay an invoice in Blesta via Paypal Standard it takes them to a payment page which a set amount.  I don't have the ability to change that amount.  The only place I can change the amount is in Blesta itself for which the way I see it can just be removed.  Unless you mean other non-merchant gateways that allow you to do this?

 

 

I'm actually more interested in what UI improvements we can make to ensure that user's don't mistakenly pay more than they intend to. I'm curious how this happened as Blesta fills in the amount due by default.

 

I think this is a good idea too, however at our company it's not an option for clients to pay whatever they feel like paying.  They need to pay the amount due or contact our billing department for payment arrangements.

Link to comment
Share on other sites
Cody Newbie

Cody

Posted
Posted

When you say third-party I am assuming you mean non-merchant gateways with hosted payment pages such as Paypal.  That being the case how would they do this?  If I pay an invoice in Blesta via Paypal Standard it takes them to a payment page which a set amount.  I don't have the ability to change that amount.  The only place I can change the amount is in Blesta itself for which the way I see it can just be removed.  Unless you mean other non-merchant gateways that allow you to do this?

 

Yes non-merchant gateways. Some gateways lock the ability to change the amount, others may not. But regardless, the user can generally change it to whatever they want simply by modifying the form contents as is the case with PayPal.

 

I think this is a good idea too, however at our company it's not an option for clients to pay whatever they feel like paying.  They need to pay the amount due or contact our billing department for payment arrangements.

That's an interesting concept and one I've never been able to fully understand (money is money, right? Gimme gimme), but I can recognize the need for it, legal or otherwise. The only problem I have with it is that it's simply isn't possible to enforce in the case of non-merchant gateways. Though I suppose if it is properly conveyed to the user then we'll get less "OMG this is broken, clients can may more than the invoice amount using PayPal!!!" false bug reports.

Link to comment
Share on other sites
Ken Newbie

Ken

Posted
  • Author
Posted

 

But regardless, the user can generally change it to whatever they want simply by modifying the form contents as is the case with PayPal.

 

The only editable form I see is the Blesta payment process.  Once the user is redirected to Paypal they cannot change the amount.  What form are they going edit exactly?

Link to comment
Share on other sites
Tyson Newbie

Tyson

Posted
Posted

They could potentially edit the form attached to the PayPal Pay button to change the amount, or other values. Similarly, someone could construct such a form elsewhere and submit payment to you in any amount to pay for invoices. What Cody is saying is that there is no guarantee that you will only be paid the expected invoice amount when you pay with a non-merchant gateway because such a requirement is unenforceable.

Link to comment
Share on other sites
  • 1 year later...
kpmedia Newbie

kpmedia

Posted
Posted

I find this while conversation somewhat absurd.

 

The average person is going to use the service -- not tinker with it.

 

Sure, maybe you CAN finagle the amount on the 3rd-party site, but most won't have any idea how to do that. And the company/host can easily audit the payments, as nobody using Blesta with non-merchant payment is a large operation. We don't have tons of transactions.

 

I find this an excuse, to be 100% honest -- a reason not to simply make this feature (to remove another feature).

 

Let us, the end users of the billing panel, worry about fraudsters. Thanks for your concern, but don't hand-hold us.

Link to comment
Share on other sites
  • 4 months later...
  • 2 weeks later...
Max Newbie

Max

Posted
Posted

When payments originate from third-party sources Blesta doesn't have control over them. That's just the nature of the process. When Blesta constructs the form data that is sent to PayPal or any other nonmerchant gateway, it's (generally) treated more as a suggestion by the gateway that the user should pay the given amount.

 

Form posts are great if you want to have a "donate by Paypal" button on your static website.

But the majority of non-merchant gateways also offer APIs nowadays that work like this:

 

1) call their webservice first to register the transaction with the amount, currency, description, status callback url, etc.

2) receive a URL like http s://payment-service-provider/b2990dac-ff0a-11e4-bd29-00270e120a22 back to redirect the user to.

 

Nothing that the user can change that way. And the user doesn't have to click on a form submit button first, you can just HTTP redirect them to the payment page.

Link to comment
Share on other sites
  • 2 weeks later...
aklik Newbie

aklik

Posted
Posted

As thynan said, "disable partial payment" option is in plan to be implemented? We find really awkward that user can set whatever value at the payment time, creates confusion and trouble in the same time among users. So, is there any option to disable partial payment or the edit value?

Link to comment
Share on other sites
  • 3 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...