One of my clients has a MODX/Foxycart installation with checkout happening via Paypal.
She received this email from a customer today:
Why do you need to know my billing address if I'm checking out using PayPal? PayPal sends you the money and my delivery address details. Giving your site my personal details seems excessive in this case. This is very disappointing.
And then a second email from the same person:
As it turns out I also have to give you a shipping address. Whats the point of checking out as GUEST when I have to give you all my personal details (except Credit Card)? Sony couldnt protect my details so I have little faith you can either. I was gonna recommend your site but until you fix the OBVIOUS security problem.
Is there anything I should have set up differently? Does the customer have a reasonable case? My client is not impressed by the person's agressive tone and wants to cancel their order anyway, but from a general point of view is there anything I should be doing differently with the set-up? This is the first time this kind of query has arisen.
Thanks for your help!