If you’re using returnUrl and/or webhookUrl to handle payment or payout results, add quick security checks to prevent bank fraud.
Anti-fraud security checks
- Verify the payment signature:
Use this formula to verify the payment signature:
signature = sha256(paymentId + status + signatureKey)
The signatureKey is unique to your account and ensures the payment result data is authentic.
- Prevent duplicate signatures:
This makes sure the payment result isn’t duplicated. Fraudsters can’t create a valid signature without your signatureKey, but they can intercept a legitimate result and try to resend it. To prevent this, implement duplicate detection:
- Compare the paymentId of the current order with the one in the payment result.
- Store every paymentId that has been processed and reject any repeated submissions with the same ID.
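Both checks combined in one result handler, as an added example that is not part of the original documentation. It assumes the result arrives as a dict with paymentId, status and signature fields, that the values are concatenated as UTF-8 strings, and that the signature is a lowercase hex digest; the ResultVerifier class, the key and the IDs are constructed for illustration.

```python
import hashlib
import hmac

def expected_signature(payment_id, status, signature_key):
    # Formula from the page: sha256(paymentId + status + signatureKey).
    # Assumption: UTF-8 concatenation, lowercase hex digest.
    data = (payment_id + status + signature_key).encode("utf-8")
    return hashlib.sha256(data).hexdigest()

class ResultVerifier:
    def __init__(self, signature_key):
        self._key = signature_key
        # In-memory for the example; in production use durable storage
        # with a unique constraint on paymentId so concurrent replays lose.
        self._processed = set()

    def accept(self, result, order_payment_id):
        """Return 'accepted' or a rejection reason for one payment result."""
        fields = [result.get(k) for k in ("paymentId", "status", "signature")]
        if not all(isinstance(v, str) and v for v in fields):
            return "rejected: malformed"
        payment_id, status, signature = fields
        want = expected_signature(payment_id, status, self._key)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(want.encode(), signature.encode()):
            return "rejected: bad signature"
        # The result must belong to the order currently being completed.
        if payment_id != order_payment_id:
            return "rejected: wrong order"
        # A valid but already-processed result is a replay.
        if payment_id in self._processed:
            return "rejected: duplicate"
        self._processed.add(payment_id)
        return "accepted"

if __name__ == "__main__":
    key = "sample-signature-key"  # constructed value, not a real key
    verifier = ResultVerifier(key)
    good = {"paymentId": "pay_1001", "status": "success",
            "signature": expected_signature("pay_1001", "success", key)}
    altered = dict(good, paymentId="pay_2002")  # signature no longer matches
    for result, order in ((altered, "pay_2002"), (good, "pay_2002"),
                          (good, "pay_1001"), (good, "pay_1001")):
        print(verifier.accept(result, order))
```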
Last modified on February 18, 2026