The White Paper On...

The common problem with all HTML encoding/encrypting solutions is this: HTML is meant to be machine/software readable. HTML was designed that way in order to let your visitors see the page no matter what machine they're on and no matter what browser they're using. There is only so far you can go with encoding and still keep the page available to any visitor.

Sure there are more secure methods, but not without password protection, or key sharing - which means only pre-selected people have access to your page. These just don't work for a web page you want everyone to be able to see and order from, even if they just found your site while searching and never heard of you before. Do you want them to leave because they don't have a password - of course not.

So, encoding your sensitive information is a good first line of defense -- it protects your data from the human eye, it makes 'snooping' much less easy, even impossible for most casual visitors. On the other hand, encoding your entire HTML source is a nuisance - it bloats your pages, slows loading time, and is no more effective than simply encoding only the information you need to protect.

•Fact:

2001, International Intellectual Property Alliance Report Pirated software as a percent of all software sold in 2000 - the worst offenders: Ukraine 90% China 93% Paraguay 82% Indonesia 87% Russian Fed 89% The percentage rose to 99% in all 5 countries for game software. This means 99% of all game software sold in these countries was pirated.

But, for the hardcore thief who is looking to steal your stuff and has a cadre of software tools waiting in the wings, there is no HTML encoding/encrypting solution on the market today that will be enough to stop them. The startling facts obtained by the Intellectual Property Alliance tell the story.

If you have the expertise and the money, you should complement your encoding solution with a 'backend' server-side script solution that double checks the accuracy of any transaction before the merchandise is made avaliable to the supposed purchaser.

With PayPal this is done via IPN. But, IPN is not easy to set up, is not easy to test. So, unless you are willing to invest the time (if you have the expertise), or the money (if you need to have someone do the IPN integration for you), and wait until the whole process is set up -- encoding is your only option to provide a first level of protection. e-Z PayPal Seller Shield makes the job of encoding your buttons quick and easy. There is no more effective encoding solution available today.

Is it 100% foolproof - no. Does it keep your button data hidden from the casual human 'source viewer' - yes. Is it easy to use - yes. Is it something anyone can add no matter their level of expertise - yes. Is this the only solution you will ever need - probably not.

But, it is definitely 100% better than doing nothing. Sort of like locks on cars. It may not be perfect and some people will figure out how to break in anyway, but you have to start somewhere.