This question is probably very noobish but whatever … Better be safe here!
I am using a PayPal package to receive PayPal payments. The package itself seems to be working just fine, I’ve defined my method on the server to call the PayPal API, so the payment request can only be executed on the server. However, if I ask for the payments details in the payment form, of course the details of the form are available on the client. What prevents someone to hijack the site somehow, get those credit card details from the form and caling the same method?
I’m sure there are additional things I need to do in order to make sure PayPal payments will be safe?
(I am not storing any credit card details in the database by the way)