PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Security of PayPal payments via Subscription

  1. Will the subscriptions I setup through GF's add-on for PayPal be secure? I ask this because I've seen some hacks where people try to get a cheaper price for things some times. How does GF handle subscriptions, or does it use secure tokens from PayPal that we manually enter and setup with PayPal's subscription area to communicate?

    I need to know if I should hack this up or if it's good as is. It's important to have them charged at the prices we set ;)

    Posted 10 years ago on Thursday November 3, 2011 | Permalink
  2. Scott,
    We understand the need for security when creating these transactions with PayPal. I am not going to claim the system is not hackable, but we have taken considerable amount of time trying to make it as safe as possible. The following security measures are the highlights.

    1- Gravity Forms pricing fields have a built-in hash validation that prevents users from spoofing the prices before the request is sent to PayPal.

    2- When the IPN is received by Gravity Forms, we follow PayPal's security guidelines to ensure the IPN is valid. That includes sending the entire request back to PayPal for validation from them.

    As you know, we are always open to new ideas and if you know of a better/safer way to process these transactions, please let us know about it.

    Posted 10 years ago on Friday November 4, 2011 | Permalink
  3. Great explanation, feel much more comfortable now!

    Posted 10 years ago on Saturday November 5, 2011 | Permalink
  4. Thanks Scott. I'll let Alex know.

    Posted 10 years ago on Saturday November 5, 2011 | Permalink

This topic has been resolved and has been closed to new replies.