
I'm developing a mobile app using Flutter for UI and Square to manage payments.

I read that a nonce is a one-time token representing the customer's credit card information.

I'm wondering if there is a way to generate a nonce only for a specific amount. If the server, when completing the payment, asks for more, the payment won't complete.

The issue I'm afraid of is that the customer thinks he paid a certain amount but the server can ask for any amount. I think limiting the amount when creating the nonce would be a very cool security feature.

How the nonce works isn't very clear to me so maybe this isn't possible for some reason.

How can I avoid issues such as the one above?

Tommimon
  • The `nonce` is simply an encrypted value that holds the card information. It does not hold anything about an amount. It is up to the server to provide the amount. If the server is providing a different amount than the one advertised to your customer, then it sounds like you have a much larger problem at hand. This would be the same issue as handing your card over at a restaurant and they charge a different amount than you were expecting. Your server should know how much the customer is expecting to be charged. – sjosey Oct 05 '20 at 17:04
  • Thanks for clearing this up, of course the server must charge the same amount the customer sees on the screen and it does. I was just wondering if there is a super secure way to double check this and prevent any possible code mistake. – Tommimon Oct 10 '20 at 20:29
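
One way to do the double check discussed in the comments above, as an added example that is not part of the original thread: since the nonce carries no amount, the server recomputes the total from its own prices and refuses to build the charge if it differs from the amount the app displayed. `CATALOG`, `shown_amount`, the function names and the sample nonce are hypothetical; the request fields follow the body of Square's CreatePayment call, which is not invoked here.

```python
import hashlib

# Constructed server-side price list, in minor units (cents).
# Prices are never taken from the client.
CATALOG = {"coffee": 350, "bagel": 275}


class AmountMismatch(Exception):
    """The amount shown in the app differs from the server's own total."""


def server_total(cart):
    """Recompute the order total from server-side prices only."""
    total = 0
    for sku, qty in cart.items():
        if sku not in CATALOG:
            raise ValueError(f"unknown item: {sku!r}")
        # bool is a subclass of int, so reject it explicitly
        if isinstance(qty, bool) or not isinstance(qty, int) or qty <= 0:
            raise ValueError(f"invalid quantity for {sku!r}: {qty!r}")
        total += CATALOG[sku] * qty
    return total


def build_payment_request(nonce, cart, shown_amount, currency, order_id):
    """Return the charge request, or raise if the amounts disagree.

    shown_amount is the total the app displayed when the customer
    confirmed (hypothetical field sent alongside the nonce). It is used
    only as a cross-check; the charged amount is always the server's.
    """
    total = server_total(cart)
    if shown_amount != total:
        raise AmountMismatch(
            f"app showed {shown_amount}, server computed {total}")
    # Same order always yields the same key, so a retried request
    # cannot turn into a second charge.
    key = hashlib.sha256(
        f"{order_id}:{total}:{currency}".encode()).hexdigest()[:32]
    return {
        "source_id": nonce,
        "idempotency_key": key,
        "amount_money": {"amount": total, "currency": currency},
    }
```

A mismatch is worth logging with the order id: it means the app and the server disagree about prices, which is the code mistake the check is there to catch.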

0 Answers