Pricing & TAX for paid downloads might kill you

[Cyboman]

Hi,

I'm really wondering about the implemented TAX calculation in IP.Commerce & IP.Downloads!

Example:

1. Uploader uploads a paid download for 10 USD (first problem: you can only insert net amounts, no totals = no end sums already including TAX!)
2. TAX SETTINGS are set to: imaginative MARS TAX 10%, imaginative EARTH TAX 20%
3. Now purchaser (from earth) wants to purchase the download product
4. Earth purchaser enters his address and would be charged 10 USD + 2 USD EARTH TAX = 12 USD to download the paid download
5. But clever earth purchasers know, that it is at a reduced TAX rate on planet Mars, so he enters any imaginative Mars address as his billing address, as there is not a single trustworthy checkup where he comes from or another restriction. And a digital product doesn't require a correct shipping address (second problem: anyone can do this!)
6. Result: he is charged only 10 USD NET + 1 USD MARS TAX (third problem: purchaser commits TAX fraud by doing this)
7. fourth problem: seller also commits TAX fraud, as he is allowing this so easily!
8. fifth problem:
   - prices in product overview pages are shown excl. TAX (but it doesn't say this! that's illegal, too),
   - same on the widgets
   - whereas on checkout totals are displayed and in addition incl. TAX and you can fake this easily.

Really? You must be kidding.

Please tell me, if I have overlooked something special, but... that form of TAXING is really dangerous for everyone using it and no one should - if I'm not mistaken!

If you don't have to pay any TAX, great! Otherwise: you will be imprisoned very soon, if you sell downloads and have to fulfill TAX-Duties (selling to different TAX locations).

Solution 1: implement additional IP check that is matching IP address plus country field from billing address. If it doesn't match = deny all purchases!

Solution 2: let uploaders enter (as a choice) total amounts directly when uploading downloads, so for every purchaser on earth, mars a.s.o., it will be the same total amount no matter where he comes from  (this way he won't care about faking his country address at least and he won't use any proxy servers)

[opentype]

It’s called running a business. Yes, you have to deal with all these risks. 

Requiring the full correct address is the default. There are fraud checks measures/rules build in already and you can adjust them how you like it. You can also activate the MaxMind minFraud service and if necessary to automate such things. And if you don’t want to trust automatic measures, you need to process each order manually.

So I am not really sure what your complaint is here. It’s not IPS’s fault that e-commerce laws are so complicated in many countries. 

[Cyboman]

Ok, @opentype, that was one of the best answers for my use case so far!  Really!

No one ever, not even the IPS support, was able to give me the hint "to have a closer look at MaxMind minFraud". Over the last years, I wrote dozens of posts about required geoIP services, but no one ever answered about this service integration possibility before. Neither IPS support nor the community. I always thought MaxMind has a database with fake or stolen credit card numbers and that's it (my fault)! At the moment, it seems to me that this paid service might be an adequate solution.

Please let me formulate some questions concerning the fraud rules implementation in IPS, the MaxMind integration and the payment processing. Hopefully experienced minFraud users can answer them!

Currently I guess it will be working like this:

1. Earth Customer is not using his earth address but the mars address as an attempt if payment and download will work with the fake data input (=TAX fraud)
2. He attempts to process the payment and download a paid digital file in IP.Downloads
3. But he can't download the file directly, as minFraud has to perform its checks before and at first! (I know it's probably only 2 seconds waiting time, but during this time, no payment will be received and the file download is denied)
4. minFraud detects by customer device IP check (I only require a trustworthy IP check), that the Mars address is fake. It does it, as min Fraud evaluates (A) the customers billing address entered before in the IPS checkout process (entered country address will be transferred to minFraud) with (B) a matching customer device IP. Right (minFraud check itself)?
5. minFraud can be configured to give a 100% risk score, if billing address and minFraud IP resolution don't match to be the same country. Right?
6. The 100% risk score is then transferred back to IPS, where I can define special anti fraud rules in IP.Commerce payment settings.
7. My configured IPS anti fraud rules will then state, that 100% risk score has to result in a total denial of payment processing and denial of the file download. Right?
8. Receiving payments and downloads won't be granted as long as billing address country and IP country resolution check by minFraud don't match

Is the described process correct?

Or is it handled differently?

A different handling could be:

• minFraud doesn't have the functionality to do a IP-to-country-resolution check, it only does other checks
• IP.downloads grants access to the file download before minFraud checks are performed (= I'm loosing money as I will be told about the risk afterwards)

Could an experienced MaxMind user please confirm or correct me?

Thanks.