I bought an extension in June 2009 to handle payments on my website. As no extension exists to handle payments with Chase Paymentech, I searched online and found only one developer selling the extension, which I bought.
I realized last week the extension was not coded properly and could not handle security verification, such as verifying the billing address and the CVV2 code! I realized this after I had 4 transactions that were in dispute with Visa were withdrawn from my bank account. All four of these transactions were made within a month time frame and were addressed to 2 different addresses.
The extension in question marks the transaction as successful when the credit card number exists. It is completely bypassing the address validation and CVV2 validation!
This resulted in a loss of 2000$ as we shipped the goods before the dispute was made to Visa.
Visa says it is our fault, which I can’t disagree completely, and the police says we will never see our money (or goods) again.
So, beware of the extensions you buy when it deals with such a critical component of your e-commerce platform. I will not recommend buying the extension from this vendor, I’m thinking about releasing the modified version of the extension myself.