Search the Community
Showing results for tags 'flaw'.
Found 1 result
I apologize if it's the wrong section, I don't know which other section this question would belong in and it is the most popular section on the forum. Say I have a site where users are can purchase "packages" and to do so, they are sending payments directly to the company using a payment processor. The company tracks all the payments in the back-end. The users are also able to see their earnings, balance and withdrawals. Normally a user can make a withdrawal request and the company will send that user his earning balance. After the user receives his earnings in his bank account, he can go back to the site and purchase a new package. That's all great. But what if I want to give an option to the users where they can use the earnings in their account on the site to purchase a new package, instead of going through a payment processor? For e.g. I have $100 as my earning balance in my site's account. And the package I want to purchase is $50. I can simply purchase that package using the $100 I have in my account, instead of making a withdrawal request and wait for the $100 to show up in my bank account and then I go back to the site and purchase that package using a payment processor, as I did originally. I am wondering, if I give users that option, do I need to worry about anything security wise? Is that a wise option to give or should I just stick to payment processor for all user payments? *note I am not asking how to code it.