Page MenuHomePhabricator

Time-outs leading to double donations
Closed, ResolvedPublic

Description

Including original email thread here for tracking (yes, it is awkwardly in reverse order):

Sorry not to have responded sooner, this thread got burried in my inbox.

Like Tomasz said, PayPal will timeout during our communications, but that doesn't always mean that they did not receive the transaction. This is clearly problematic, but it's what we have to work with. Since I recently lost my dragon-slaying sword, I think there's not much chance of us fixing PayPal or preventing 'Anonymous' from DDoS'ing PayPal, so our solution should probably be a user-experience once.

So, we could leave the timeout threshold as it is (we actually used to have it set higher, but typically if PayPal doesn't respond within a couple of seconds, the trxn is going to timeout anyway), but change the user experience so that the user is alerted their transaction is pending or processing (rather than telling them it failed). We could also send an email about the transaction to the fundraising team, alerting us to the fact that there's a transaction in question to follow up on. We wouldn't necessarily need to store any more transactional data about the user than we already do - perhaps name, email address, contribution amount and internal tracking id. And I do not think we'd need any sort of centralized storage for this, we could just pass this info off in an email. That should be enough info for our team to look up the transaction in the PayPal interface and match it up to a donor. While a little more difficult than just increasing the timeout threshold, I think this would go a long way to improving the user's experience.

The downside to this approach is that it's possible that a user's transaction will fail (maybe they entered their address or credit card # incorrectly) but won't know about it until the transaction's been reviewed by someone on our team. But I imagine it would alleviate the double-charge problem.

On 12/11/2010 11:33 AM, Tomasz Finc wrote:

Adding Arthur

What happens here is that PayPay is not responding to us when we send over a transaction. We need them to respond in order to know if a credit card was valid or not. Typically this takes about 3-5 seconds.

But, we've seen this creeping up as a result of the Wikileaks attacks against PayPal which have drastically degraded their performance.

A couple of options here

  1. If we hit a timeout then surface a "Thanks, were processing your trxn message" and hope for the best pro: simple text change con: we have to store user info while we are waiting and notify them by email if the trxn fails

    medium difficulty
  1. We increase the timeout past a minute pro: simple change con: most people wont wait that long

    easy difficulty
  1. We get the 'Anonymous' group to stop attacking paypal pro: no code changes con: they might ddos us

    there by dragons difficulty

Arthur might have even better ideas ...

--tomasz

On Dec 10, 2010, at 6:13 PM, Josh VanDavier wrote:

Hey Tomasz --

We're still seeing a lot of these time-outs. I spend most of my time in OTRS going through these issues. It looks like the donors submit their information, but the system displays a message that the site has timed out and that they need to re-submit their information. Then they are charged twice (or 3 times if it "times-out" on them again).

Any idea what is causing this?

Thanks!

On Tue, Nov 23, 2010 at 4:17 PM, Josh VanDavier<jvandavier@wikimedia.org> wrote:
Hi Tomasz --

We've been getting messages in OTRS regarding donations timing out and donors having to resubmit their information. This seems to happen more often between 5:30pm until we arrive the next day, both here and internationally.

Here are a few ticket numbers of some of the donations we've been looking at:

Zoom Ticket#: 2010112210025366
Zoom Ticket#: 2010112310033873
Zoom Ticket#: 2010112310027648

Thanks!

Joshua VanDavier

Community Officer
Wikimedia Foundation

Joshua VanDavier

Development Associate
Wikimedia Foundation


Version: unspecified
Severity: enhancement

Details

Reference
bz26340

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:23 PM
bzimport set Reference to bz26340.

We could simply be honest about it. "PayPal hasn't answered to our request. It is likely being processed, but you may need to resubmit it in case you don't get charged."

pgehres wrote:

Since we did not seem to have any issues with PayPal during the last fundraiser, I think this has been resolved by someone, somewhere, at sometime.