Report suspected vulnerabilities privately to security@makepay.io.

• Store MakePay credentials in SAP Commerce secure configuration.
• Do not expose MakePay key secrets to storefront JavaScript.
• Verify MakePay webhooks before order fulfillment.
• Persist MakePay payment link IDs on payment transaction data for auditability.