[erangalp]

Not sure if "previous successful purchase" is enough of an indicator. If someone can hijack a Paypal account or obtain sensitive credit-card details, you should assume he can also hijack an account on your service.

Glad you liked it, we had to learn most of this stuff the hard way :)

[jib]

Yeah they for sure can. They just don't tend to bother I think. Hijacking an account and the payment method used to pay on that account to go with it is a lot of work to do something you can do with less work.

May be business dependent tho. I guess selling source code means the people interested in defrauding you are fairly tech savvy too.

And yes, really liked it :)