PayPal is not my pal

After many years of using PayPal as my primary payment processor, I'm done with them.

As I discussed recently, I've been dealing with a fraud explosion with PayPal in recent months, with some nefarious person or persons using stolen credit cards (typically European) to buy Dejal apps. I'm not sure why; probably just to test that the transaction works, since as far as I can tell they aren't actually using the apps.

Inevitably, the owners of those cards query the transactions or replace their cards, and I get hit with both a reversed transaction and a $20 chargeback fee. And of course I feel bad for the card owner.

I tried restricting the PayPal store to only US addresses, which stopped the fraud... but then most of the world was unable to buy via that store. I later tried to restrict it to only verified PayPal accounts, but that filter doesn't seem to actually work. So I've had enough.

Now, I have changed to make the FastSpring-powered store the default, and I don't publish the PayPal-powered store anymore. It's still there, and will still work, but hopefully making it more obscure will eliminate the fraud usage. If you want to use it, feel free... but I'll look closely at all PayPal purchases to ensure they are legitimate, and may lock it down if the criminal keeps attacking it.

Although this isn't what I wanted, I'm not too broken up about it — I've been slowly moving more stuff to FastSpring anyway. The direct edition of Time Out 2 includes an in-app purchasing feature that is powered by FastSpring, and I will be rolling that out to my other Mac apps as I update them. And even for website purchases, FastSpring is a nicer service, supporting credit cards, checks, and yes even PayPal accounts. And it better handles international purchases, with local currencies and VAT etc.

I'll still use PayPal for the Simon Service Plan subscription, a $99/year subscription for Simon power users.

I'm sad to have to stop using PayPal as a primary store, but it's time. Removing it as a vector of attack for fraudsters, and simplifying the web store, is an improvement.