2co fraud issue

[directiz]

Does anyone have this issue with 2co merchant provider

 

when a new order comes in and its paid by credit card with 2co. payment is marked paid in whmcs.. later on if that credit card is marked as fraud. it doesnt update in whmcs.. so when we get an new account like this. our system auto reg domains.. and it comes out of our pocket.

this issue breaks our automation when we have to turn off auto domain registration

 

is there a fix for this?

[Mo9a7i]

I'm facing the problem too

Actually, 2co's procedure is more like this:

-client in your website, clicking the 2co option

-goes to 2co's website and pays through a credit card

-if his card's numbers are alright, 2checkout tells him it's successful and calls back your website to tell that this order has been paid

-they send to the vendor an email telling him we have received an order but it's not confirmed yet

-then they take around 2-4 hours to send you another email telling you if it passed their fraud check or not

 

 

within these 2-4 hours, if that client was a hacker with a stolen visa or what ever, he could do what ever he wants on your server (if that was the plan) and might find an alternative way to stick up to the server even after you cancel his account

 

 

In this case your losses are:

1- paid for a domain that can't be cancelled.

2- a hacker hanging there on your server waiting for everything to chill and start digging for his next step.

 

 

but i don't think the soultion to this case can be from WHMCS's side as that's the most 2co offers, the call back button which get's called once only.

 

I'm not sure, i'll be following this thread to see if anything changes or if got this idea wrong.