Kryptronic Software Support Forum

You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.

#1 06-28-2017 05:48:05

robprotronica
Member
Registered: 12-16-2008
Posts: 106

Vat "exploit" by setting shipping country to UK - Channel Islands

We are based in the UK get a few orders from the Channel Islands - these orders should be zero rated for Vat and this is set correctly in the country page with no problems and all works fine.

BUT!

We have discovered some cheeky UK customers who have entered a UK shipping address with UK postcode and set the shipping country to "UK - Channel Islands" which creates a workable UK delivery address and removes Vat from the order - quite a discount!

All our shipping is calculated with custom shipping methods and all Channel Island addresses are covered by postcodes starting either GY or JE so we have added the following into each custom shipping method:-

Code:

// We test Channel Islands postcodes to break checkout if this location is being used to avoid Vat

if ($info['country'] == 'UK - Channel Islands') {
      
     $postcode = $info['postalcode'];
     
     $pos1 = stripos($postcode, "GY");
     
     $pos2 = stripos($postcode, "JE");
     
     if (($pos1 === false) && ($pos2 === false)) {
     
          $method  = 'Error - Postcode does not match Channel Islands address';

          $total ='0';

          $custom = array($method => $total);
          
      } else {
      
        Do Channel Islands Shipping Calc
         
      } // End of if statement   
          
      } else {
    
// Shipping anywhere outside UK - Channel Islands

     Do Other Shipping Calculations
     
} // End of if statement

Seems to be working fine and the default error messages that pop up in checkout already mention making sure the postcode is correct .

At the moment we are case insensitive testing that "GY" or "JE" are somewhere within the postcode. Possibly really should be testing that these are at position 0.

The "exploit" is also present for Item Based Shipping, which we don't use, so have not looked at how to close of the potential loophole. I am assuming that Realtime or Zone Based would pick up the discrepancy.

Hope the above is useful to others.

Offline

 

#2 06-28-2017 09:06:27

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19737
Website

Re: Vat "exploit" by setting shipping country to UK - Channel Islands

Thanks for the post.  Pretty risky for the customer to put in Channel Islands as an incorrect address and hope that you still ship to the right spot.  What you did in your shipping script is exactly right, perfect.  To check position 0 and do it all in one statement, instead of:

Code:

     $postcode = $info['postalcode'];
     
     $pos1 = stripos($postcode, "GY");
     
     $pos2 = stripos($postcode, "JE");
     
     if (($pos1 === false) && ($pos2 === false)) {

Do:

Code:

     if (!(preg_match('/^(GY|JE)/i',$info['postalcode']))) {

Nick Hendler

Offline

 

#3 06-28-2017 09:28:19

robprotronica
Member
Registered: 12-16-2008
Posts: 106

Re: Vat "exploit" by setting shipping country to UK - Channel Islands

Hi Nick,

Thanks for the more elegant if statement.

When we create shipping labels there is a tendency to 'helpfully' manually correct any errors in the shipping address, so this one has slipped past us more than once, but not now we have modified the scripts smile

Offline

 

#4 06-29-2017 08:19:53

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19737
Website

Re: Vat "exploit" by setting shipping country to UK - Channel Islands

Some clients I work with feel it's better to get the orders and eat the difference on the margin.  These are typically repeat customers who are good for the business, even though they are working around things in a somewhat questionable manner.


Nick Hendler

Offline

 

Board footer