Are Smart Payment Buttons secure?
Miroslav_Z
Contributor
Posted on Feb-05-2021 04:40 AM
Hi,
I added the "Smart" payment buttons to my website. I followed this guide:
https://developer.paypal.com/docs/checkout/integrate/
But it seems to me that there are some security issues:
- Anyone can see your client_id. Your competitors could use it to create fraudulent orders to hurt your business.
- If the order is created and captured on the client, users can easily spoof the order_id. For example, they could re-use one order_id to buy multiple items from different sites.
- The user can even call the actions.order.capture callback directly, without even having a PayPal account.
And this is not some hardcore hacking. Anyone with beginner JavaScript skills can do this directly in a browser (just press F12 and you can directly edit the JavaScript code).
Do you have any tips on how to make this more secure? Or shall I just let it go? Maybe it's just normal nowadays - let the "hackers" take what they want for free?
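An added example, not part of the original post and not PayPal's code: a server-side check that treats the order_id from the browser as untrusted and only fulfils after inspecting the order the merchant's own server fetched from PayPal (Orders v2, `GET /v2/checkout/orders/{id}`). The function name, the in-memory store, and all sample ids and values are constructed for illustration; the field names follow the Orders v2 response shape.

```javascript
// Hypothetical store of fulfilled order ids; in production use a database
// column with a unique constraint so a replay fails atomically.
const redeemedOrderIds = new Set();

// `order` is the JSON the server itself fetched from PayPal for the id the
// browser reported. `expected` comes from the server's own cart and config.
function verifyPaidOrder(order, expected) {
  const fail = (reason) => ({ ok: false, reason });
  if (!order || order.id !== expected.orderId) return fail("order id mismatch");
  if (order.status !== "COMPLETED") return fail("order not completed");
  const units = order.purchase_units || [];
  if (units.length !== 1) return fail("unexpected purchase unit count");
  const unit = units[0];
  // The payee must be this merchant, otherwise the order was paid elsewhere.
  if (!unit.payee || unit.payee.merchant_id !== expected.merchantId)
    return fail("wrong payee");
  const captures = (unit.payments && unit.payments.captures) || [];
  const paid = captures.filter((c) => c.status === "COMPLETED");
  if (paid.length !== 1) return fail("no completed capture");
  const amount = paid[0].amount || {};
  // The price is taken from the server-side cart, never from the client.
  if (amount.currency_code !== expected.currency || amount.value !== expected.value)
    return fail("amount mismatch");
  // One order id buys one cart: reject a second use of the same id.
  if (redeemedOrderIds.has(order.id)) return fail("order already redeemed");
  redeemedOrderIds.add(order.id);
  return { ok: true, captureId: paid[0].id };
}

// Constructed sample of a captured order, trimmed to the fields checked above.
const sampleOrder = {
  id: "ORDER-EXAMPLE-1",
  status: "COMPLETED",
  purchase_units: [{
    payee: { merchant_id: "MERCHANT-EXAMPLE" },
    payments: { captures: [{
      id: "CAPTURE-EXAMPLE-1",
      status: "COMPLETED",
      amount: { currency_code: "USD", value: "25.00" },
    }] },
  }],
};
const expected = { orderId: "ORDER-EXAMPLE-1", merchantId: "MERCHANT-EXAMPLE",
                   currency: "USD", value: "25.00" };

console.log(verifyPaidOrder(sampleOrder, expected)); // first use is accepted
```

Creating and capturing the order from the server with the merchant's secret, instead of in the browser, removes the client-side capture path entirely; the check above still applies before fulfilment.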