GDPR Compliance for Ecommerce Sites


Overview

What is the GDPR?
The General Data Protection Regulation (GDPR) is an EU law passed in 2016 meant to give citizens of the EU greater control over collection, storage and usage of their data. By the same token, it’s meant to give businesses a clearer legal framework to work with.

Why do I care about the GDPR?
As of May 25th, 2018, noncompliance with the law can result in fines and sanctions by the regulatory authorities (€ 2 million or 4% of revenue), in addition to damages suits brought by individuals whose data is not handled in accordance with the law.

Does the GDPR apply to Me?
The GDPR applies to any organization that collects personal or behavioral data on EU citizens. This broad definition means that any company that has EU customers or collects data on EU users is impacted by the law. In addition to (relatively) straightforward data collection such as customer account information, it’s important to note that you are also responsible for the compliance of third party or custom tracking and analytics software used on your site.
The GDPR has additional requirements of companies of over 250 employees. For the purposes of this post, we’ll focus on the fundamentals as they apply to small and medium businesses under 250 employees.

What do I do About it?
The key principles of the GDPR are broken down below into data collection and data storage as a starting point for ecommerce businesses to take steps toward compliance. As with any legal matter, it’s important to consult a professional about how the GDPR applies to the specifics of your business operations.

Some Key Terms:

Before getting into the GDPR and related literature, note that the regulation distinguishes three parties within its framework:

  1. The Data Subject: Customers, users, or anyone providing data to third parties (including employers).
  2. The Data Controller: The business with which the Subject is directly interacting and to which the Subject is providing data. Under the GDPR, the Controller is ultimately responsible for legal collection, storage, and sharing of the Subject’s data. If you operate an ecommerce site, this is you.
  3. The Data Processor: Third party platforms and services which receive/process user data on behalf of the Controller. Ecommerce examples include Google, Shopify, or UPS.

 

Data Collection

A wide range of data all fall under the GDPR rules for consent and protection of data. Any personal or behavioral information falls under the new regulations which means that in addition to personal information such as bank accounts and addresses, IPs, MAC addresses (device identifiers), photos and social media posts will also be subject to the GDPR rules.

Before getting too overwhelmed by GDPR’s data requirements, it’s important to note that a concept called “Legitimate Interest” allows the Controller (e.g. website) to collect information that is vital to providing the services that the Subject (read: customer) has voluntarily agreed to. For example, collecting name, address and credit card number is necessary to verify the Subject’s identity and process a secure payment which the user has voluntarily entered into contract for. Legitimate interest is a separate justification from the “consent” outlined below. In short, you don’t need to overturn your core operations.

Get Clear, Informed Consent
A fundamental principle in GDPR-compliant data collection is clear consent. Users must know how and why you are collecting each piece of information, and actively “opt in” to provide it. The example that virtually everyone in ecommerce will understand is the checkbox opt-in to marketing mail lists. Under the GDPR, a user must have a clear understanding of exactly what the website will be using the email for. Crucially, the user must actively opt in. A pre-ticked checkbox or consent that’s hidden behind a link won’t fly, as stated in Article 4.11: “…Silence, pre-ticked boxes or inactivity should therefore not constitute consent.”

pre ticked consent box on email sign up

Pre-ticked and unclear opt-ins – Not an option after May 25th

Furthermore, consent cannot be “bundled,” meaning the user must have the opportunity to opt out of specific aspects of data usage and not be faced with an all or nothing decision. An all or nothing consent tickbox is not acceptable.

bundled consent form GDPR

Good Opt-in, but “Bundled”: Below is a good example of providing users with a clear choice about whether to opt in and what they’re opting in to. However, bundling different marketing channels (SMS, phone, and the vague “other electronic means”) is against GDPR regulations.

If you share your data with third parties for the purposes of analytics, marketing, or business operations, be transparent about who they are and why you are sending user data to them.

Cookies
The EU already has cookie laws, but if you’re located outside the EU and are just beginning to familiarize yourself, be aware that cookies fall under the GDPR as well as existing laws.

Collect Limited Data:
In accordance with the GDPR’s “Privacy by Design,” which calls on controllers to hold and process only the data that is necessary for the completion of their duties, if you don’t use information that you’re collecting, stop asking users to give it to you. For example, a lot of web forms will include a “Company” field that isn’t actually used for business or marketing purposes. In reality this is a UX design best practice regardless, so reviewing your forms to eliminate unnecessary fields could be a win-win in terms of GDPR compliance and conversion rates.

Note: The GDPR contains a requirement that some companies appoint a Data Protection Officer to ensure compliance and act as a contact for authorities and data subjects. However, according to the GDPR website, this requirement only applies to “controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences.” Most ecommerce companies won’t fall into this category.

Data Storage

Secure Storage:
The GDPR aims to ensure that all EU citizens’ personal data is not only voluntarily given, but also stored securely. One of the thorniest rules in the cross-border world of ecommerce is the requirement that all data be stored on physical servers within the EU. See the Third Party Processors section below for cloud-based hosted services; businesses with self-hosted websites and services should conduct an audit of information storage to ensure compliance with GDPR rules.

User Data: Make it Portable, Editable, and Erasable
GDPR requires that Data Subjects (users) can contact the Data Processors (website) and request that their personal information be:

  1. Edited – User data can be updated or changed at the request of the data subject.
  2. Portable – User data can be provided to the subject upon request. The GDPR also includes language about transferring data from one company to another at the request of the subject, but no industry-wide protocols have been established yet.
  3. Erasable – A user has the right to request that their personal data be deleted permanently. As a business operating under GDPR regulations, you’re required to provide a visible contact or mechanism for requesting and carrying out these requests.

Another key point is to make very clear to users that the above options are available. Users must be made aware of their rights to withdraw opt-ins and edit or delete. Note that it is your responsibility to pass these requests to third parties as well.

 

Third Party Data Processors

Most larger hosted solutions and analytics software companies should be taking their own steps to comply with GDPR. The most-used ecommerce and marketing platforms all have their own statements regarding their current or planned compliance with the GDPR as seen below. Be sure to research the specific services that you use and whether you need to take proactive steps in your configuration or application of each one. Be sure to contact them directly if you have unanswered questions.

 

Further Reading

It’s important for everyone to understand the GDPR in terms of both compliance and best practices for adapting without hurting your business and marketing efforts. The below suggested links include official documents and statements as well as some more in-depth looks at how businesses are complying in practice. Ultimately, GDPR compliance can be a significant positive trust factor, so be sure to let users know what you’re doing to protect their privacy!

EU & GDPR Pages:

 

Direct Statements from Ecommerce Platforms

 

Further Reading on Best Practices for UX and Marketing under GDPR:

  1. In-depth look at email marketing consent in practice: https://www.zettasphere.com/gdpr-consent-opt-in-examples/
  2. Article on Consent vs. Legitimate Interest by DMA (UK) Compliance Officer: https://dma.org.uk/article/gdpr-consent-or-legitimate-interest-email-marketers-need-both
  3. Good look at compliant and non compliant UX examples of informed consent: https://www.econsultancy.com/blog/69253-gdpr-10-examples-of-best-practice-ux-for-obtaining-marketing-consent
  4. A look at how third party cookie forms may look that includes some informal surveys: https://pagefair.com/blog/2017/new-research-how-many-consent-to-tracking/

 

Disable Auto-Apply Ad Suggestions in Adwords

Disable Auto Acceptance of Suggestions in Adwords with the below steps:

  1. Go to Settings
  2. Select the Account tab
  3. Choose “Don’t Automatically Apply”

Opt out of auto accept adwords suggestions

MCC/Agency Accounts can use the below form to opt out en masse:

https://services.google.com/fb/forms/adsuggestionsmccoptoutform/

Late last year, Google Adwords accounts began to default to “accept” Google’s Suggestions after 14 days. They describe this as the “ideal setting for most advertisers” and actively discourage opting out of it.

The Suggestions in adwords are fine, and by all means may be valuable, but allowing them to auto apply relinquishes a significant amount of control of factors that influence your budget and ROI.

Ultimately, all advertising platforms have an interest in advertisers spending larger budgets. This doesn’t mean you need to discard all Suggestions, but it’s enough to make not accepting them your default starting point as an advertiser:

 

 

Amazon Headline Search Ads Overview

Headline Search Ads allow sellers to create banner ads that showcase up to three products and direct shoppers to a custom landing page built from your brand’s products. Keyword-targeted, these ads display prominently at the top of Amazon search result pages on both desktop and mobile.

Note that Banner Search Ads are only available to sellers who’ve been approved through Amazon’s Brand Registry.

 

At a Glance:

Pros:

  • Guarantee of best real estate when ad shows
  • Ability to showcase brand
  • Ability to showcase multiple products on landing page

Cons:

  • Higher cost per click than other ad formats
  • Not suited for product-specific, long tail keywords
  • Added click between first click and conversion

 

Amazon Headline Search Ads offer sellers a great opportunity to increase brand awareness, something that’s been difficult in the past for Amazon.

Where traditional search ads will likely be more effective at matching search intent to a specific product, Headline Search Ads allow sellers to showcase their brand (or a subset of its products) in a way that wasn’t available before. It is an opportunity to get a brand in front of people earlier in the conversion funnel.

 

How to Use Headline Search Ads

As we see it, most Headline Search Ad campaigns fall into two general categories:

The first strategy involves directing shoppers to a broader brand page – showcasing all or nearly all of your products – with a primary goal of building brand awareness earlier in the conversion funnel. Assisted conversions, rather than “last click,” are the success metric here as shoppers view your ad’s creative content and begin to associate it with concepts or product attributes.

The second strategy is to create a product landing page with a cohesive set of products that all match the same set of search terms. This is useful if you have similar products which are not listed as variations, allowing you to get eyeballs on multiple product options at once. In this scenario, the ad campaign still aims to drive direct conversions as with traditional sponsored product ads, with a secondary benefit of better brand awareness.

 

Amazon Headline Search Ad Setup:

Similar to its Sponsored Product ads, Amazon makes Headline Search Ads very easy to get up and running. Instead of a step by step, it’s more useful to consider the elements that are available to the average third party or brand page owner:

1) Landing Page Products: Amazon allows you to select the products which will display on your campaign’s landing page (minimum of 3). Regardless of whether you’re pursuing a broader branding strategy or a more direct conversion strategy, cohesion is key to both in order to build a landing page that’s more effective. However, if pursuing the latter strategy of last click-type conversions, similarity among your chosen products becomes more important as each one needs to be able to meet one set of keywords/search terms.

Amazon Headline search ads landing page product selection

Build a cohesive product section for your campaign’s landing page.

 

 

2) Displayed Product Images: Amazon allows you to display 3 products as well as  a “Main Image” which displays to the left of your ad copy. The three products’ main product images will display as thumbnails along with the first 18 characters of their Amazon product name.

The Main Image, slightly larger than the product thumbnails can display either:

– The thumbnail of one of your three chosen products

– The thumbnail of a 4th product belonging to the same brand

– A custom image – a great opportunity to escape Amazon’s restrictive image requirements and get creative!

Keep in mind that only the Main Image and your ad copy will display on mobile.

3) Headline / Ad Copy: Sellers are given 50 characters for their Headline Ad’s copy. Your style here depends on your goal, but it’s good practice to include the primary search terms that you’re using for your ad (just as we all work to get those relevant keywords into our product titles).

In addition, you also have the option to edit your brand’s display name.

Product image selection Amazon Headline Search Ads

Select your product’s headline and product image display

 

4) Targeted Keywords: Headline Search Ad’s keywords are set up using exactly the same interface as Sponsored Product ad campaigns. Aside from the additional consideration of branding benefits, keywords should follow the same best practices as any other ad campaign, namely relevance, relevance and relevance. Choosing one set of target keywords for multiple products means this is worth extra consideration, A/B testing, and monitoring in the case of Headline Search Ads.

Amazon’s guidelines for HSA keywords are as follows:

amazon keyword guidelines headline search ads

 

 

For more on what Amazon has to say about Headline Search Ads, check out the following links:

1) Headline Search Ads Optimization Tips (Amazon)

2) Headline Search Ads Overview (Amazon)

Configure Zabbix Alert Scripts


Steps:

 

  • Create Jabber Script
  • Test from terminal
  • Configure Zabbix to use Jabber script
  • Create Email Script
  • Test from terminal
  • Configure Zabbix to use phpmailer script
  • Tell Zabbix to notify
  • Flap a server to verify operation

jabber.sh is a replacement for the built-in Jabber/XMPP functionality within Zabbix.  You may need to install ‘sendxmpp’ prior to installation.  This is functional in an Ubuntu Xenial server installation, but the path may vary for CentOS/RHEL deployments.

Contents of /usr/lib/zabbix/alertscripts/jabber.sh:


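#!/bin/bash
# Zabbix passes the recipient JID and the message text as arguments
to=$1
body=$2

# The message text is fed to sendxmpp on standard input
cat <<EOF | sendxmpp -u user -j server -p password "$to"
$body
EOF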

 

Adjust ‘user’, ‘server’ and ‘password’ accordingly for your particular setup.  The script should be owned by the zabbix user and have execute permissions set:

-rwxr-xr-x 1 zabbix root 288 Jun 16 05:11 jabber.sh

To test, simply execute the script like any other. Note the arguments passed into it:

# /usr/lib/zabbix/alertscripts/jabber.sh recipient@server message

If unable to send, try using sendxmpp outside the script and make sure it can send that way, then debug the script as required.
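
A hardened variant of the jabber.sh wrapper above, as an added example that is not the original post's script: it keeps the account password out of the world-readable script and off the sendxmpp command line, and rejects recipient values that sendxmpp could parse as options. The rc file path, the SENDXMPP_RC and SENDXMPP variables and the function names are assumptions made for this example; `-f` is sendxmpp's option for reading account data from a file.

```shell
#!/bin/sh
# Added example: hardened variant of jabber.sh (not the original post's script).
# Assumption: the account lives in a separate sendxmpp rc file containing one
# line of the form "user@server password", owned by zabbix with mode 0600.
RC_FILE="${SENDXMPP_RC:-/etc/zabbix/sendxmpprc}"   # hypothetical path

# Accept only a plain bare JID (local@domain). A value starting with "-"
# would be read by sendxmpp as an option, so it is rejected.
valid_jid() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._@+-]*) return 1 ;;   # whitespace, quotes, slashes, ...
        *@*@*) return 1 ;;                 # more than one "@"
        ?*@?*) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if the file exists and grants nothing to group or others
# (for example mode 0600 or 0400), so local users cannot read the password.
rc_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Send one alert. The message goes in on stdin and the credentials come from
# the rc file, so neither shows up in the process list.
send_alert() {
    to=$1
    body=$2
    valid_jid "$to" || { echo "jabber.sh: bad recipient" >&2; return 64; }
    rc_is_private "$RC_FILE" || {
        echo "jabber.sh: $RC_FILE must not be readable by group or others" >&2
        return 77
    }
    printf '%s\n' "$body" | "${SENDXMPP:-sendxmpp}" -f "$RC_FILE" "$to"
}

# Zabbix invokes the script with recipient and message; nothing is sent when
# it is run without arguments.
if [ "$#" -ge 2 ]; then
    send_alert "$1" "$2"
    exit $?
fi
```

With the password moved out, the script itself can stay at the `-rwxr-xr-x` mode shown above without exposing the account.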

Your Zabbix should look like this:

 

zabbix setup 1

zabbix alert scripts screenshot 2

Note that the ‘Type’ of the media for the user corresponds to the name of the script we added earlier.

Email follows a similar procedure. Just make sure to have the necessary PHP modules installed. Below is the setup to use a gmail account:

Contents of /usr/lib/zabbix/alertscripts/phpmailer.php:


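#!/usr/bin/php
<?php
// PEAR Mail package
require_once "Mail.php";

$from = "ZABBIX <user@domain>";
// Recipient, subject and body are passed in as arguments
$to = $argv[1];
$subject = $argv[2];
$body = $argv[3];

// Gmail SMTP over SSL
$host = "ssl://smtp.gmail.com";
$port = "465";
$username = "username";
$password = "password";

$headers = array ('From' => $from,
'To' => $to,
'Subject' => $subject);
$smtp = Mail::factory('smtp',
array ('host' => $host,
'port' => $port,
'auth' => true,
'username' => $username,
'password' => $password));

$mail = $smtp->send($to, $headers, $body);

// Report a failed delivery and exit non-zero so it shows up when testing
if (PEAR::isError($mail)) {
    fwrite(STDERR, $mail->getMessage() . "\n");
    exit(1);
}
?>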

Adjust ‘user’, ‘server’ and ‘password’ accordingly for your particular setup. The script should be owned by the zabbix user and have execute permissions set:

-rwxr-xr-x 1 zabbix root 572 Jun 16 12:26 phpmailer.php

To test, simply execute the script like any other. Note the arguments passed into it:

# /usr/lib/zabbix/alertscripts/phpmailer.php user@domain.tld subject body

Make Zabbix look like this:

zabbix-4

 

Note that the ‘Type’ of the media for the user corresponds to the name of the script we added earlier.

zabbix screenshot 5

Most important step!  This tells zabbix to actually use everything we just set up.  Once this is enabled, flap a server to give zabbix something to tell you about.  Check Pidgin and your email to see if it worked! :)

 

 

 

What does “Business Buyer” Mean in Seller Central Orders?

If you’re selling on Amazon, chances are that you may see the label “Business Buyer” next to an order number. This can appear in your Orders tab or in your Sales Reports.

business buyer order seller central

What does this label mean?

This label simply means that the buyer is registered with an “Amazon Business” Buyer account. From their end, this gives them access to extra features that aren’t included in normal Amazon accounts, including some extra flexibility, and analytics. Most importantly, business buyers have access to special pricing provided by sellers participating in the Amazon Business program.

What does this mean as a seller?

If you’re seeing multiple orders from Business Buyers, it’s a fair bet that you may benefit from being able to target this market with special pricing and several other advantageous features. If this is the case, you’ll need to apply as an “Amazon Business” Seller.

The business seller program has a higher bar for seller performance and asks that you be able to accommodate certain business purchasing needs (e.g. recognition of buyers’ tax status and provision of purchase orders).

However, the benefit of being able to offer lower prices to a higher tier of purchasers may well be worth the small hassle of application and qualification.

 

Registration and Qualification

To register as a business seller follow the below link (Note: Seller Central Accounts Only):

https://sellercentral.amazon.com/business/b2bregistration

The below Seller Central Link answers FAQ and includes the basic requirements for approval into the business seller program. As it requires logging in to Seller Central, the basic requirements are pasted below as well.

https://sellercentral.amazon.com/gp/help/201750810

In Amazon’s own words:

Who is eligible for the Amazon Business Seller program?

Sellers who have the capability to fulfill the following requirements of business customers.

  • High bar for performance.
    • Selling on Amazon:
      • An Order-Defect Rate (ODR) of 1% or less.
      • Pre-shipment Cancellation Rate of 2.5% or less.
      • Late Shipment Rate of 4% or less.
    • Amazon Business Seller program:
      • An Order-Defect Rate (ODR) of 0.5% or less.
      • Pre-shipment Cancellation Rate of less than 1%.
      • Late Shipment Rate of less than 1%.
    • Few chargebacks, A-to-z Guarantee claims, and negative feedback.
  • If the seller participates in Amazon’s tax calculation services, the seller must honor the customer’s tax exemption through the Amazon Tax Exemption Program. 
  • There must be a tracking number on every business order package.
  • There must be a packing slip with every business order package.
  • There must be a purchase order number with every business order package.

Have any questions or feedback about this post or the Amazon Business program? Let us know below!

Differences between Facebook Subdomains in Google Analytics

When visiting Google Analytics and looking at Source / Medium -> search for: Facebook -> you’ll see Facebook referral traffic listed in up to four different types:

google analytics Facebook referral types

By typing Facebook in the filter search bar you can see the total facebook referral traffic. However, understanding what each link type is can give more detailed insight into referral traffic.

The four types of Facebook referral traffic will be displayed as follows in Analytics:

1) m.facebook.com – Referral traffic coming from a click in facebook mobile app.

2) facebook.com – Referral traffic coming from normal web link click in facebook.com

3) l.facebook.com – Referral traffic coming from a link shim link click. A link shim link is Facebook’s internal system for checking URLs against internal and external blacklists of malicious or spammy sites.

4) lm.facebook.com – Referral traffic from link shim link on mobile browser.

Why do I care?

  1. Knowing whether your Facebook referral traffic comes from desktop or mobile app is an advantage in that it allows you to tailor your landing pages & content to the appropriate device(s).
  2. If you’re not seeing l.facebook or lm.facebook referral links but you have good reason to expect them, check whether your site’s been blacklisted by Facebook.

Increase Your Email Open Rates *TIP*

email marketing open rates

Even with the ever-increasing number of online platforms to use for marketing campaigns, our experience is that email campaigns still provide a significant ROI for many of our clients.

Of course, the ultimate goal of an email campaign is to increase conversions, and that all starts with the open rate. There are a number of reasons that open rates can be low, but we’d guess that a significant percentage of unopened emails were not consciously ignored. Rather, they were received or seen at the wrong time of day, in the wrong place, or on the wrong device (and so on).

Here’s a (really) simple method to increase your open rates:

1) Compose your email and send it out to all of your users.

2) Wait 5 to 7 days and send out the same email with a new subject line only to your subscribers who did not open the initial email (easily segmented with any newsletter delivery system)

When sending or scheduling your second email, experiment with using a different time of day or day of the week (e.g. if initial email was sent during lunchtime on a weekday, try sending the second in the evening, if sent on a weekday, try sending on a weekend, and so on). This increases the chances that you’ll be getting your email in front of people who didn’t see or open the first one due to their schedule and circumstances.

As simple as this sounds, the potential increase in subscribers is well worth the extra couple of minutes it takes to segment, compose a new subject line, and send.

As always, let us know how this works for you!

Download Your Product Inventory File from Amazon Seller Central

One of the most useful things that an Amazon vendor can have is a file containing all of their products’ listing information (i.e. SKU, description, bullets, and all product detail fields). In addition to being a database of essential information that can be used for analysis, comparisons, and records, it can also be really helpful to someone who’s looking for a template for csv product uploads. Seller Central doesn’t make it simple to download or even view this information in one place. At least it doesn’t anymore.

Here’s a quick tip on how to get this information:

  • Open a ticket with Seller Support and request that they enable your account’s Category Listings Report
  • Once you’ve received an email confirming that they’ve enabled your report (be sure to check email to see if there is a time limit on your ungated reports):
    • Go to the Inventory dropdown and select Inventory Reports > Select report type > Category Listings Report

This is the simplest way to get a comprehensive file that includes all of your details about your products listings.

If anyone has any suggestions about better or more comprehensive methods for the average vendor to get this information please share them with us!

 

Get Started With Amazon PPC -Auto Targeting Campaigns


With small margins due to the competitive nature of the marketplace and a search algorithm that might not be as intuitive as Google’s, it can be difficult to figure out where to start with Amazon’s PPC advertising campaigns. A simple but effective strategy is to start by using an Automatic Targeting ad campaign.

Auto Targeting is a great way to begin to collect information on what search terms are associated with your products or, more specifically, what search terms Amazon thinks should be associated with your product – essential information. A good way to look at it is as an investment in data for future campaigns – as well as a paid boost to a product’s sales rank.

Setting up an auto targeting campaign is incredibly easy. Start by mapping out a daily budget that you can afford. Unless you’re under serious time pressure, it’s best to start with a low daily budget in your campaign settings and then increase it incrementally until you’re getting the amount of sales and/or data that you need.

The actual setup of a campaign is straightforward. If you have a Seller Central account you can begin here.

Note that auto targeting is chosen at campaign level as seen below:
amazon automatic targeting ad campaign

 

On the next page, it’s as simple as selecting the products you’d like within one adgroup. Be sure to set up individual ad groups for variations of a single product to get the most accurate data possible.

A quick note for anyone new to Pay Per Click advertising: the Default Click field is what you’ll pay when an Amazon user clicks on your product ad. Your costs consist only of clicks, not impressions (display of the ad).

amazon auto targeting ad group

 

Search Terms Report

As your campaign runs, you can view the number of impressions and clicks that your product is getting in the Campaign Manager of your Seller Central account. Once your campaign has been running for a couple of days, you can start to download more detailed information on search terms. You can get to this page either by clicking into your ad group and following the link (below) or going to Reports > Advertising Reports > Search Terms Report.

Ad Group Overview:

ad group overview seller central

 

Search Terms Report Download:

download search terms report amazon seller central

Once you’ve downloaded this report you have some concrete information with which to start assessing your ad strategy. Not only do you have a list of the search terms that are actually being used by shoppers to help hone a manual keyword list, but you’ve also got an idea of how Amazon identifies your product which can be useful for improving the product detail page itself.

The Report itself includes:

  • Search Terms
  • Ad Impressions
  • Ad Clicks
  • Total Spend
  • Avg. Cost Per Click
  • Click thru Rate
  • Product Sales
  • Conversion Rate
  • Cost per Sale

 

Negative Keywords:

Because we’re using the auto-targeting as an information gathering tool in this example, it’s best to let your campaign run until you have a significant amount of information (a “significant amount” will vary from product to product, and seller to seller). However, after running for a short period, you can begin to add negative keywords. In the beginning, you can identify the obvious mistaken keywords (“Chicago Bears” turns up for your Teddy Bear). As your campaign runs for a longer period, you can begin to get more serious about weeding out negative search terms and try to get a positive return from the auto targeting campaign (This is not always the best strategy, or even possible, but if it’s making you money it’s making you money).

Adding negative search terms is another simple process in Seller Central. After identifying search terms that don’t relate to your product with the search term report, you simply click into the auto ad campaign > campaign settings > negative keywords > add keywords. Note that Amazon has an Exact Match and Phrase Match option for negative keywords. Be sure to choose the correct match type – in most cases you’ll want to choose Exact Match to avoid losing relevant search terms.

amazon negative keywords auto campaign

 

Adding negative keywords on a regular basis is good practice if you’re trying to hone a keyword list but still want to collect Amazon Auto Campaign data or, of course, if you’re running an auto ad campaign with the expectation of a ROI.

 

 

 

 

 

Ultimately, Amazon’s auto-targeting campaigns have the potential to be profitable to sellers. However, they can also be a worthwhile investment in data for broader use in optimizing manual PPC campaigns and creating product detail pages that rank for the correct search terms.

Magento Paypal Rounding Error – Quick Fix

Recently we came across an issue of a paypal window not functioning on a Magento 1.7 site after a site-wide 40% Off promotion began. There are likely coding /extension fixes to this issue, but we thought we’d share the simplest way to address this issue when it’s preventing users from checking out.

The Issue: The item values do not add up to the subtotal given to Paypal. The individual item prices displayed did not match the real subtotal. Magento rounds each item’s price to two decimal places (for USD, EUR, and others).

So, two items discounted at 40% will look like this:

Original price: 2.99 x .6 = 1.794 Price Displayed: $1.79

Original price: 3.99 x .6 = 2.394 Price Displayed: $2.39

This is fine, but the Subtotal displayed is $4.19

The problem is that Magento is adding the actual values (1.794 + 2.394) to get the subtotal. When Paypal receives an order like this, it rejects the request because it does not believe 1.79 + 2.39 = 4.19. It’s receiving each item rounded to two decimal places and a subtotal that’s been calculated with up to four decimal places. These are not always the same value.

 

The Quick Fix: Although this solution leaves you with the problem of inconsistent numbers, it’s a quick solution to getting Paypal to accept these transactions. All you need to do is stop feeding the individual item prices to Paypal.

This is done through System > Configuration > Payment Methods > Paypal Express Checkout. Select Configure and then select No on the “Transfer Cart Line Items” dropdown:

magento line items checkout

Disabling this causes only the total to be read and displayed in Paypal. Users will still finalize their transaction on the Magento checkout page, enabling them to view a price breakdown before actually paying anything.

Ultimately, this still leaves you with prices that add up to more than the individual product sums, so it’s worth finding a more comprehensive solution. However, we should just reiterate that the subtotal is actually a correct sum, it’s just more precise than a sum of rounded sums.