This is a long post, but due to the severity of the situation, it warrants a full and thorough explanation. tl;dr : Paypal has a mission critical bug with their Adaptive Payments API that has been live for at least 9 days, and did not even know.
Today we received an email from a customer that was concerned his order wasn’t showing up under his account, yet it was visible on his Paypal account. After digging into our implementation of Paypal’s Adaptive Payments API, we didn’t find anything wrong. We did however notice we hadn’t received an IPN, an “instant payment notification,” from Paypal alerting us of the order. Anyone that uses Paypal as a payment processor depends upon IPNs for managing orders.
The process is:
- Customer checks out of Tindie, redirect to Paypal
- Pays on Paypal, redirect to Tindie
- Paypal sends IPN to verify order was completed
- Paypal sends another IPN with transaction fees
As Paypal says in their own documentation:
Merchants can use it to automate back-office and administrative functions, like fulfilling orders and providing customers with order status.
That is exactly how we use Paypal, and when there is a problem with IPNs, every merchant that depends upon Paypal has a monster issue because they aren’t being notified of customers paying for orders. Customers are paying, and companies have 0 idea there was a transaction.
I called Paypal Technical Support to verify exactly what we were seeing. Sure enough, they had received other calls today about this exact issue. Other vendors were not receiving IPNs for their orders. The ticket for this “critical bug” was created today.
The problem with that fact is that our customer’s order was from 9 days ago. For at least 9 days (we are going through all of our partial orders now to see the full extent of this bug), Paypal was not sending IPNs to merchants and did not know. This is a mission critical function for online businesses and we were never notified or alerted about it. The fact the ticket was made today also means Paypal didn’t know - and if they were unaware that such an important bug, then that brings into question their entire platform.
Because of how critical IPNs are to any Paypal integration, we didn’t think to double check if IPNs were not being sent. We are currently building that check as I type this. We are also going through older, partial orders to find any others that were affected, and resolve those as well.
Moving forward I have serious reservations about using Paypal due to the severity of this bug, and their lack of awareness in such a critical part of their system. We currently depend upon Paypal for our disbursements, but I am looking into other options. For US sellers, we could transfer funds through Stripe. Stripe lets us transfer funds to another US bank account or US Visa/Mastercard debit card. For international sellers, we’re open to other alternatives if you know of any.
I’m very concerned about our dependence on them moving forward. While I was on the call with Techincal Support, he said it had happened previously as well. This is at least the second time IPNs haven’t gone out, and I (along with countless other merchants) was unaware. Tindie is a small business, and we cannot have Paypal souring our reputation due to their ineptitude to provide a stable platform and fast, transparent support. The people I spoke to on the phone were great- it is Paypal’s policies which are the problem. The fact Paypal isn’t alerting merchants about this bug is a huge issue. How can we run our business when the platform we depend upon isn’t keeping us informed of their status? The answer is we can’t - and I’m unwilling to sacrifice our customers to Paypal’s ineptitude.
So how would you like to receive your disbursement? I’m open to exploring all options outside of Paypal.
Emile
Founder of Tindie