You are aware that with a business account on paypal you can select the raw card data requirement?
At any rate you seem to be neglecting the fact tht every retailer in Canada is then in the same boat so really your argument is with the system as a whole so please feel free to post that argument elsewhere but let's try to keep things in perspective here.
Admittedly there is a potential issue with the system I've developed therefore were going to fix it using the most secure method we can. At this stage the credit card method via the paypal ipn and limiting th api is as secure as you get short of collecting personal documentation etc. you are correct that anyone can then waltz in with a visa gift card and use it however the responsibility for that then squarely rests on the person who is either usin the card or those that gave it to them an I am 100% satisfied that I have done everything I can realistically do to prevent little johnny from gettin his hands on a restricted product.
Now saying that also I have already suggested that maybe there now needs to be some form of skirmisher database that retailers can access to assure themselves that credit card fraud is not being used to buy goods illegally.
I've even suggested that if be willing to work on such a database and the resources surrounding it but as I stated it is not an easy or even simple task an would require a massive concerted effort across all of Canada. But I do believe it to be possible and maybe that's where we need to start.
For the time being though the solution of restricting via credit card is the only viable option an I believe it to be enough.
No matter what you do here there is always a risk that someone finds a way around your measures and that argument can be made relentlessly and as such is a bit stupid at the point it's gettin to.
"Creator of the Zombat Sniper - oh yeah baby"