I had a customer say that he had fraudulent charges made to his credit card, and he believes that it was from my online payment mechanism. I use formassembly to pass users over to PayPal. Is there a chance that this linkage could somehow be intercepted or redirect to a fraudulent site posing as PayPal? I am at a loss for how our payment process could've resulted in theft of a person's credit card information. If such a risk does exist, I need to know how to prevent it immediately.
We don't store or process credit card information. When you use our PayPal connector to collect payments, the user is redirected to PayPal where the transaction actually occurs. The credit card information is never revealed to you the form owner, or to us.
It is highly unlikely that the user ended up on a fake 'paypal' website coming from our system. You can however enhance the security of the transaction by encrypting the list of the purchased items (this can be set up in the connector settings). The data can then be decrypted only by PayPal, so a third-party site would not be able to display the content of the shopping cart and the amount to be paid. But again, I'm not aware that such a risk actually exists with our system.
It's possible that this is just a misunderstanding, you should login to your PayPal account to check what you charged to your customer and see if it's related to his complaint. It's also possible that the theft occurred somewhere else.
If you have any further information on this, please let us know.