Hi Hans,

Yes, if the code is unencrypted, you can see the price and description fields in the HTML source code ... all someone would have to do is copy/paste the form code for the button, then submit the form with whatever price they choose. For physical products or low-risk transactions, you're fine from a practical perspective. For digital (instant) downloads or high-risk activities (selling high value electronics, etc.), though, you definitely want to use PayPal's encrypted buttons. As long as the store owner will be diligent when reviewing and processing orders, worst case is the inconvenience of having to refund and cancel any orders where the payment doesn't match the price.

However, another important piece of information in the unencrypted PayPal button code is the vendor email address they use with their PayPal ... that email address will get scraped by spambots and opens the door for hackers / phishers.

Russ


On 14/07/2011 3:35 AM, Hans wrote:
Does it mean a customer can submit a payment (to PayPal) for an item with
a changed price? I can see that this may not be noticed by the seller
if he does not verify the amount paid to what is really asked.


_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
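
The order review described in the reply above (holding any order where the payment doesn't match the price), as an added example that is not part of the original message or of PmWiki. The field names are PayPal IPN variables; the catalogue, merchant address and sample notifications are constructed placeholders. It assumes the notification has already been confirmed as coming from PayPal and that no tax or shipping is added to the price.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed catalogue (item_number -> price, currency) and merchant account.
CATALOGUE = {"EBOOK-01": (Decimal("25.00"), "USD")}
MERCHANT_EMAIL = "seller@example.com"

# Constructed sample notifications (form-encoded bodies).
GOOD = ("payment_status=Completed&receiver_email=seller%40example.com"
        "&txn_id=TXN1&item_number=EBOOK-01&quantity=1"
        "&mc_gross=25.00&mc_currency=USD")
TAMPERED = GOOD.replace("mc_gross=25.00", "mc_gross=0.01").replace("TXN1", "TXN2")

def check_payment(body, seen_txn_ids):
    """Return reasons to hold the order; an empty list means it matches."""
    f = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []
    if f.get("payment_status") != "Completed":
        problems.append("payment not completed")
    if f.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        problems.append("paid to a different account")
    txn = f.get("txn_id", "")
    if not txn or txn in seen_txn_ids:
        problems.append("missing or repeated transaction id")
    item = CATALOGUE.get(f.get("item_number", ""))
    if item is None:
        problems.append("unknown item")
    else:
        price, currency = item  # the server's price, never the form's
        try:
            qty = int(f.get("quantity", "1"))
            paid = Decimal(f.get("mc_gross", ""))
        except (ValueError, InvalidOperation):
            problems.append("unparseable amount or quantity")
        else:
            if qty < 1 or paid != price * qty:
                problems.append(f"amount {paid} != expected {price * qty}")
            if f.get("mc_currency") != currency:
                problems.append("currency mismatch")
    if not problems:
        seen_txn_ids.add(txn)  # remember it so a replayed notice is held
    return problems

if __name__ == "__main__":
    seen = set()
    for name, body in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, check_payment(body, seen) or "OK to fulfil")
```

For instant downloads, delivery would be released only when the returned list is empty.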