As technology evolves, so do security practices. HTML forms, including PayPal buttons, can be manipulated with browser inspection tools straight out of the box, allowing malicious users to change price points and other important form data before sending it off for processing.
This can result in someone getting a $100 item for $1, and if you are not on top of your accounting, it could go unnoticed for quite some time. If you run a SaaS platform, you may have users accessing your premium content for pennies on the dollar.
To combat this, you can create checkout validation on the backend to inspect your data before sending it to PayPal. This allows you to control your sensitive information and validate your pricing structures before they pay.
Note: In this particular example, we are using PayPal, but the principles may still apply to other payment processors. We are also using PHP for the backend, but you can use several other web stacks using the same approach.
Step 1: Simplify the Checkout Form to Gather Essential User Information
Strip down your PayPal button to gather only vital data from users, such as item number and amount. Conceal technical details like merchant ID, IPN notifications, and return URL on the backend to shield them from browser inspection tools. By minimizing the visible form fields, you enhance security and reduce the risk of manipulation.
A typical PayPal button with no security:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="notify_url" value="Your Notify URL">
<input type="hidden" name="business" value="Your Merchant ID">
<input type="hidden" name="item_number" value="Your Item">
<input type="hidden" name="qty" value="User QTY">
<input type="hidden" name="amount" value="100.00">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="return" value="Your Return Url">
...More...
<button type="submit">Checkout</button>
</form>
A more secure “stripped down” PayPal pre-processor form:
<form action="Your Checkout Validation URL" method="post">
<input type="hidden" name="qty" value="User Qty">
<input type="hidden" name="item_number" value="Your Item">
...More...
<button type="submit">Checkout</button>
</form>
Step 2: Implement a Validation Script on the Backend
In this step, we utilize PHP to gather user input, validate it, and incorporate necessary technical details.
Ideally, you request a unique item number from users, which can then be cross-referenced against your database to retrieve item details. Depending on your code structure, you might also need to generate item name, price, tax rate, etc., from your form.
While this is an acceptable practice, ensure a mechanism is in place to verify the price against the corresponding item for added security.
Collect the User Data:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$error = NULL;
// Validate user input
$itemNumber = $_POST['item_number'];
$itemName = $_POST['item_name'];
$price = $_POST['amount'];
// Check the data against your database
if($itemName == "itemA" && $price != 100.00){$error = "Invalid Price;"}
// More Checks
// Redirect Back to Checkout on Errors
if($error){header("Location: checkout.php"; exit();}
...
Step 3: Finalize the Transaction Process
Once the user input has been validated and confirmed, proceed to redirect them to PayPal for payment processing. However, if any validation errors occur, simply redirect the user back to the checkout screen, accompanied by a clear message detailing the encountered error.
All of the technical details are handled here rather than being exposed on the frontend HTML form.
Package the data and send to PayPal
...
// Once validation is complete. Package data and send to PayPal
$paypal_data = array(
'notify_url' => 'YOUR IPN',
'business' => 'YOUR MERCHANT ID',
'item_number' => $itemNumber,
'currency_code' => 'USD',
'cmd' => '_xclick',
'button_subtype' => 'services',
'item_name' => $itemName,
'amount' => $price,
'tax_rate' => $taxRate,
'return' => 'YOUR COMPLETE URL',
'cancel_return' => 'YOUR CANCEL URL',
...MORE DATA...
);
// Redirect to PayPal with the data using GET
$paypal_url = 'https://www.paypal.com/cgi-bin/webscr?' . http_build_query($paypal_data);
header("Location: $paypal_url");
exit;
} else {
// Handle if the form is not submitted
header("Location: checkout.php"); // Redirect back to the form
exit;
}
That’s It!
In summary, by implementing these steps, you can improve the security of standard PayPal checkout buttons for your website, safeguarding against potential manipulation and ensuring smooth transactions for your customers.