Tips to beat a website payment page security

[ESCO]

Tips to beat a website payment page security
Some of the tips to help you beat a website’s credit card payment:
1. Look up the Payment Gateway documentation
You want to read the payment gateway documentation provided by the developers of the merchant website. In the documentation, you may find the critical information you can work with to bypass the credit card payment on the merchant site such as:

• Transaction success message
• Transaction success code
• Hash parameters and technique
• Response messages
• Promo code data
• Response code, etc.

If you come across important information such as “transaction success code” and “transaction success message”, try replacing them with the fail response via the intercept tab if you use the Burp Suite tool. Note that this will only work if the merchant website is not validating the “CheckSum Hash”.
2. Consider changing product quantity
Apart from just changing the product price on the credit card page of the merchant website or at the Payment Gateway, you could change the quantity, which reduces the amount you’re charged for the item.
Simply, locate the quantity fields or similar in the captured packets in the Burp Suite software and make changes. For instance:
Quantity = 5 & Price = $ 50 ; Grand total = 5 X 50 = $ 250
Now,
Tamper Quantity = 0.01 & Price = $ 50 ; Grand total = 0.01 X 50 = $ 0.5
If the price is secured with the server-side like this, you try manipulating the quantity to pay way less.
3. Fuzz other parameters
Other parameters you could try fuzzing include:

• Wallet amount
• Promo codes
• Delivery charges

Just look for any parameter involving money and try to tamper—this way, you have bypassed the credit card payment on that website to shop for free.