Note: The information and/or technique provided is simply an example to illustrate how easy it is for anyone to access your products without paying for them. I am not responsible if you use or someone else uses the information with criminal intent.
When you use PayPal to sell digital products your typical PayPal source code will look like this:
< form action="https://www.paypal.com/cgi-bin/webscr"
method="post">
< input type="hidden" name="cmd" value="_xclick">
< input type="hidden" name="business"
value="youremail@yourdomain.com">
< input type="hidden" name="item_name" value="your product name">
< input type="hidden" name="item_number" value="001">
< input type="hidden" name="amount" value="29.95">
< input type="hidden" name="no_shipping" value="1">
< input type="hidden" name="return" value="http://www.yourdomain.com/download.html">
< input type="hidden" name="cancel_return" value="http://www.yourdomain.com">
I have bolded the section of the code that has your download link. This gives the web address of the page the customer will be sent to by PayPal once the payment has been accepted.
If you don't encrypt your source code it's very easy for anyone to steal your products at any time without your knowledge.
Here's the scenario:
- Mr/Ms. Cyber-Thief visits your web site and he/she is interested in your digital product(s).
- They decide to just take it without paying
- They simply view your html code searching for your PayPal source code
- They find your "return url" (bolded example above) in the code
- They just cut and paste the "return url" in their browser
- They've bypassed the payment process altogether... now they're at your download page taking whatever they want!
I can personally guarantee that if your PayPal source code is unsecure people are stealing your products... the entire process takes less than 30 seconds and is virtually undetected!
There are several other ways that a cyber-thief can steal your digital products but I will not disclose them here. The illustration above is the most common and easiest method to exploit the PayPal security hole.
Now is the time to act and protect your products and profits!
You can choose to ignore the problem or you can take preventive steps to secure your profits!
If you like the idea of selling digital products on the Internet and love the concept of being paid instantly you must protect your PayPal source code.
The decision to want to protect your products and secure your profits should be a no-brainer!
To Your Success,
Charles & Susan Truett
Partners in Success Ezine
PayLock Generator - Copyright © 2002,2003 - All Rights Reserved
A Division of SalesTipz.com - Washington, DC 20005 USA
|