We are in the process of implementing a payment page using the Hosted Pay Page solution. In terms of security, would it make any sense to use a combination of Data Preload and another? Such as Data preload + Transaction verification or Data preload + Asynchronous? Does adding a second one provide another layer of security to the payment page or not really?
For the Data preload, we are sending the request from the server so that the hpp_key and the charge amount is not exposed on the browser.
Any feedback will be appreciated.