The client wants a payment page that anyone can browse to, put in their information and id from a previous registration, and make a payment. The problem is that the id is from a different system and I wont have access to the information before hand.
This would be the first time we allow payments without authentication. Is this too risky to becoming exploited? Could people use this for malicious purposed? (Using my page to check whether stolen cards are blocked etc).
Thanks!
