He tried the same to me but I had Payloadz’s price checking feature turned on so that product delivery to him did not occur. I told him that I thought it would be funny to buy his product for a penny; send him a bunch of emails complaining about the product; and then request a refund for the full price.

photo credit: gutter

I did some searching to see if I could force an echeck on him but it doesn’t appear that that is controlled in the Buy Now button code. I was able to change some of the code and deactivate his product delivery system (at least for my order alone). Anyhow, it was a good lesson in being aware of what’s out there so you don’t lose a few sales to thieves.

There are still several problems with the hack. If the hacker pays with his paypal account or credit card, he has divulged his identity. Who’s going to ship a product if they only receive payment of a penny? It appears the hacker would have to steal someone’s credit card to pull it off and remain anonymous but what’s the point? He’d only be doing a favor to the cardholder by charging a penny per product. I wouldn’t even dignify this little trick by calling it a hack. It’s pretty brainless. In the end, it’s a good argument for encrypting your Buy Now buttons.