How do you make PayPal payments secure?


#1

This question is probably very noobish but whatever … Better be safe here!

I am using a PayPal package to receive PayPal payments. The package itself seems to be working just fine. I’ve defined my method on the server to call the PayPal API, so the payment request can only be executed on the server. However, if I ask for the payment details in the payment form, of course the details of the form are available on the client. What prevents someone from hijacking the site somehow, getting those credit card details from the form and calling the same method?

I’m sure there are additional things I need to do in order to make sure PayPal payments will be safe?
(I am not storing any credit card details in the database by the way)


#2

Can you not have PayPal handle the details on their site? Otherwise, use HTTPS/SSL


#3

Handling it on their site is possible sure, but bad for user experience.

So as long as I’m using an SSL certificate and I make sure that the actual payment call is only available on the server, it should be secure? I just want to make sure that nobody can grab something on the client side that they shouldn’t be able to. I’ve never dealt with payments before so I have no experience with this.