I can't understand how to securely match a customer's order through PayPal with the customer himself in my website database.
I'll try to explain better: a user wants to buy something from me, but he wants to pay with another PayPal account, so email, shipping address, name, surname, etc. could be different.
How can I understand that the data POSTed to my IPN listener belongs to that particular user, so that I can update my database with his order?
Also, another 2 little questions:
- I created a simple Buy Now button, and turned on the "optional PayPal account" feature for my customers... But when I test it, I still can't pay by credit card. Login to PayPal is needed.
- Do you think that a non-encrypted button with IPN verification could be considered secure?
Thanks a lot!
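
An added example, not part of the original post: one way an IPN listener can tie a payment to a site user regardless of which PayPal account paid, by keying on an opaque order token carried in PayPal's `custom` pass-through variable rather than on payer details. It also re-checks amount, currency and receiver, since an unencrypted button's fields can be edited by the buyer. `ORDERS`, `SEEN_TXNS`, `handle_ipn`, `postback` and the sample values are hypothetical, and UTF-8 IPN encoding is assumed.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl, urlencode

RECEIVER = "shop@example.com"  # constructed: the merchant's own PayPal address
# Constructed pending orders, keyed by the opaque token that was placed in the
# button's "custom" field when the page was rendered for the logged-in user.
ORDERS = {"ord-7f3a": {"user_id": 42, "amount": Decimal("19.99"),
                       "currency": "EUR", "paid": False}}
SEEN_TXNS = set()  # txn_ids already processed (replay protection)

def handle_ipn(raw_body, postback):
    """raw_body: the exact bytes PayPal POSTed. postback: hypothetical callable
    that sends its argument back to PayPal and returns the reply text."""
    if postback(b"cmd=_notify-validate&" + raw_body).strip() != "VERIFIED":
        return "rejected: not verified"
    f = dict(parse_qsl(raw_body.decode("utf-8"), keep_blank_values=True))
    if f.get("payment_status") != "Completed":
        return "ignored: payment not completed"
    if f.get("receiver_email", "").lower() != RECEIVER:
        return "rejected: wrong receiver"
    txn = f.get("txn_id")
    if not txn or txn in SEEN_TXNS:
        return "rejected: missing or duplicate txn_id"
    # The payer's e-mail, name and address are deliberately not used for matching.
    order = ORDERS.get(f.get("custom", ""))
    if order is None or order["paid"]:
        return "rejected: unknown or already paid order"
    try:
        gross = Decimal(f.get("mc_gross", ""))
    except InvalidOperation:
        return "rejected: bad amount"
    # Compare against what the database says the order costs, not the button.
    if gross != order["amount"] or f.get("mc_currency") != order["currency"]:
        return "rejected: amount or currency mismatch"
    SEEN_TXNS.add(txn)
    order["paid"] = True
    return "paid: user %d" % order["user_id"]

# Constructed sample notification; the payer is not the site user's own account.
SAMPLE_IPN = urlencode({
    "payment_status": "Completed", "receiver_email": "shop@example.com",
    "txn_id": "TXN1", "mc_gross": "19.99", "mc_currency": "EUR",
    "payer_email": "someone.else@example.net", "custom": "ord-7f3a",
}).encode()
```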