Suspected Fraud transactions in Magento

What happens

It’s been a long-standing issue with Magento that it will sometimes mark orders that have been paid via Paypal as being Suspected Fraud – no invoice is issued, so the customer isn’t sent their order confirmation email, and the order ends up in limbo, because you can’t invoice the order manually (there’s no invoice button) and you can’t change its status manually. What’s worse is that if the customer logs into their account, they may see that their order has been marked as Suspected Fraud, which doesn’t score highly on the customer relationship front.

Why it happens

The most common reason is that because of either exchange rates or tax rounding, the amount of money which Paypal charges the customer is out by 1p compared to the amount of money that Magento thinks should have been charged. When Paypal tells Magento that the order has been paid and how much money has been paid, Magento sees this difference and flags it up to the user as Suspected Fraud

What do do Suspected Fraud transactions – Part I

Fear not. There are a couple of things which can be done. The first is to change the Suspected Fraud order status so that it falls not under the “Payment Review” order state, as it does by default, but instead falls under the Processing order state. To do this, in the admin panel, go to System -> Order Statuses – you should see something similar to the image below, which shows you that the Suspected Fraud status is assigned to the Payment Review state.

assign status

First, let’s unassign it – which is easy enough to do by clicking the “Unassign” link at the right hand end of the relevant row. This will move it, after the screen refreshes, to join the unassigned statuses at the bottom of the list. To assign it to a new state, click the “Assign Status to State” button at the top, and on the window that follows choose the Suspected Fraud status from the first dropdown, the Processing state from the second dropdown, and leave the tickbox unticked (as shown below). Then click the Save Status Assignment button.

assign status

This only solves one problem (and then only for orders that come in after you’ve done this). You can now manually update the status of an order to be processing, and you should also be able to invoice the order manually. That’s all a bit of a pain, though, and

What do do about it – Part II

If you get Suspected Fraud orders relatively frequently, then it’s a bit of a pain to have to invoice items manually – so we’ve created a simple script which will do it for you. We talk you through how the script works below, and the script itself can be downloaded at the bottom of this point.

As usual, we start by hooking into Magento. This assumes that the script is in your web root, but change the URL in the first line if that’s not the case.

<?php
require_once('app/Mage.php');
Mage::app();

Next we want to grab a collection which contains all Suspected Fraud orders – to do this, we filter down the sales / order collection by matching only those orders which have a status of “fraud”.

$orders = Mage::getModel('sales/order')->getCollection()
    ->addFieldToFilter('status', 'fraud');

Now we’re going to loop through all those orders, load them, update their order state to processing, and their order status to processing, then save them. For information on the distinction between order statuses and order states, look out for a new blog post from us in the coming weeks.

foreach ($orders as $order) {
	$orderId = $order->getId();
	$fullOrder = Mage::getModel('sales/order')->load($orderId);
	$fullOrder->setState(Mage_Sales_Model_Order::STATE_PROCESSING, true);
	$fullOrder->setStatus('processing', false);
	$fullOrder->save();

Since the order hasn’t been invoiced, we also want to invoice the order – this should also trigger the order confirmation email to be sent to the customer.

	try {
		if(!$fullOrder->canInvoice()) {
			Mage::throwException(Mage::helper('core')->__('Cannot create an invoice.'));
		}
		$invoice = Mage::getModel('sales/service_order', $fullOrder)->prepareInvoice();
		if (!$invoice->getTotalQty()) {
			Mage::throwException(Mage::helper('core')->__('Cannot create an invoice without products.'));
		}
		$invoice->setRequestedCaptureCase(Mage_Sales_Model_Order_Invoice::CAPTURE_OFFLINE);
		$invoice->register();
		$transactionSave = Mage::getModel('core/resource_transaction')->addObject($invoice)->addObject($invoice->getOrder());
		$transactionSave->save();
	} catch (Mage_Core_Exception $e) {
	}
}
?>

And that’s it. The script can either be run manually by visiting the relevant page in your browser (it’s not designed to give much in the way of output) or automatically by scheduling a cron job – the latter method you may find useful if you get Suspected Fraud orders on a regular basis.

32 comments

  • Emily

    I have this same problem but on Magento 2.1.3 anyone have a work around for that version of Magento? 🙂

    • Giles (author)

      David,

      Not speaking German, I’m afraid I can’t tell.

      Kind regards,

      Giles

      • David

        me neither! I just used “translate this page” on right button context menu 🙂

        • Giles (author)

          David,

          Well done. If you want to know if it works or not, then, my suggestion would be to try it and find out. 😉

          Kind regards,

          Giles

  • Jennifer

    How do you manually invoice a customer – I have an order that says ‘suspected fraud’ and I can not process the order

    • Giles (author)

      Jennifer,

      Go into the order, and then click the Invoice button from the top right hand side, then the “Create invoice” button on the bottom of the following screen.

      Kind regards,

      Giles

  • Bill Garrison

    I am having an issue with this. When an order gets set to processing through this process, even after we have shipped and invoiced it will not go to “complete.”

    • Giles (author)

      Bill,

      If all else fails, change the status and / or state in the database.

      Kind regards,

      Giles

  • kim

    i’ve tried to do the above but it’s not working for me.
    can you help

  • Fabrizio

    Hi Giles,
    thanks for the script in part 2, it allows me to solve a problem even if in a rude way.

    I followed your instructions in part 1 but the system ignores me totally, fraud orders can only change to payment review; and from payment review i cannot change status anymore.
    I would love to be able to change the status without running the batch, can you suggest me what i may have done wrong ?

    Still, lot of thanks!

    • Giles (author)

      Fabrizio,

      If you can get direct database access, you can search the relevant table (sales_flat_order_status_history, from memory) and find all orders with “suspected_fraud” or similar in the status column and change those manually?

      Kind regards,

      Giles

  • Dipali

    Thanks Giles.
    Part 2 was helpful to implement through your script rather than going manually to database changes.
    This was helpful.

    • Giles (author)

      Dipali,

      You’re welcome – glad you found it useful.

      Kind regards,

      Giles

  • kushal

    very nice article .you save my 2-3h. and very well defined.

    • Giles (author)

      Kushal,

      You’re welcome.

      Kind regards,

      Giles

  • Swetha

    Hi,

    How can we find the difference in amount charged by Paypal. Can the difference be explicitly found when comparing the Magento and Paypal for that specific order?

    • Giles (author)

      Swetha,

      Yes – the Paypal transaction (which should be visible against the order in the Magento admin panel) will be for a very slightly different amount than the order itself.

      Kind regards,

      Giles

  • Camden Roe

    Hi Giles,

    I kept checking back and didn’t see the response. Sorry about that. I have added the sendneworderemail line into the code and am now awaiting the next suspected fraud order. Just an FYI I have noticed I only get this with paypal orders that have tax applied to them. All others go through just fine. Thanks for your help!!!

    Camden

    • Giles (author)

      Camden,

      No problem. Hope that does the trick for you.

      Kind regards,

      Giles

  • Camden Roe

    So I wrote in a while back hoping you might have some additional advice about getting the email to kick off. I am using 1.9 and noticed that you are attempting to get the email to send when changing the status to processing. However, it isn’t working in 1.9 and I was hoping you would know what to adjust to get it to work.

    Thanks!!

    • Giles (author)

      Camden,

      We replied to your comment shortly after you posted it. Have you made those amendments?

      Kind regards,

      Giles

  • Giles (author)

    Camden,

    Try adding in a line like so :

    	$fullOrder->setStatus('processing', false);
    	$fullOrder->sendNewOrderEmail();
    	$fullOrder->save();
    

    Kind regards,

    Giles

  • Camden Roe

    All your suggestions are working well for me. However, the email that is sent to the customer is not sent by default on suspected fraud orders. I have to go in after the cron job runs and click the send email button. Would you know how I could trigger the email to be sent within your code above so that the cron job will trigger the script to change the status and send email notification?

    Thanks!!
    Camden Roe

  • ADG

    hi
    I had the same problem as graham, where you able to fix this. if so can you let me know how you did it

    • Giles (author)

      Charlene,

      Yes – drop us a line (same email) and we’ll see what we can do.

      Kind regards,

      Giles

  • Graham Wing

    Hi, Thanks for your post. Unfortunately though, part I does not work for me. After reassigning the “Suspected Fraud” status to the “Processing” state, my order had switched from “Suspected Fraud” to “Payment Review” so I still could not edit it. Any further thoughts? I guess I will need to change the status directly in the database.

    • Giles (author)

      Graham,

      Sorry to hear that – happy to take a quick look for you, if you’d care to drop us a line – info@hummingbirduk.com

      Kind regards,

      Giles

    • Chris

      Same here. I know this is an old post, but I only got through part 1 and had the same result. The part that bites is this happened on my biggest order yet, and I am unable to do anything with the order. Magento really disappoints me with this silly fraud business. They should have made such coding an OPTION for us to override if necessary. Considering the person who ordered is also a personal friend I know in person, I would think I would be able to know if her order was fraud. ~sigh~

      Magento ver. 1.8.0.0 is what I am running. So if I attempt part 2, will your script still work? And if I read correctly, I have to run the script EVERY time I get an order like this? I do not work with cron jobs as that is way out of my scope of expertise (I am not an IT technician, so I cannot run cron jobs and the like). But I would also like help with getti8ng this order out of “Payment Review”

      If you and graham found a solution, since this article is coming up in Google, I think the solution posted here would save you some emails 🙂

      • Giles (author)

        You can’t do Part I, and not Part II, and expect the process to work just the same, old post or not.

        Undertaking Part I enables you to move Suspected Fraud orders into other states. Part II then actually makes that move by amending the order’s status directly in the database.

        Yes, Part II would have to be run each time you get an order. Your hosts should be able to set up a cron job for you if you ask them nicely, or alternatively you can do it through Cpanel if you have that installed.

        Kind regards,

        Giles

    • Keith

      I know this is an old post, but I’ve got the same problem. Doing Step one puts the order in a Payment Review status that I can not do anything with.

      Did anyone ever figure out how to get around this?

      Thanks,

      Keith

      • Giles Bennett (author)

        Keith,

        Has the order been invoiced?

        Kind regards,

        Giles

Leave a Reply

Your email address will not be published. Required fields are marked *

Want to talk to us about your project?