We are a merchant from Russia operating an online casino.
We are working hard to let our customers use their favorite payment systems
to make deposits and receive their winnings instantly.
After working with several payment systems, we decided to add
support for the IntGold payment option. Little did we know!
The IntGold merchant API seemed very insecure to us right from the start.
Because we have very solid experience in the security of online payments,
we noticed a serious security breach in their API:
the test payment transactions
(see https://intgold.com/membersonly/testshoppingcart.shtml)
were no different from REAL payment transaction notifications!
So any hacker could corrupt the payment form to make a payment in TEST mode,
and the merchant script would consider it a REAL payment.
Given that a merchant has an instant withdrawal option, the merchant could lose the
entire account balance through this breach.
We notified their tech department about it, and happily, they managed to fix it.
Some time passed, and then came bad news: a hacker stole $1,000 from our
merchant account using a very simple security breach which we had not noticed
before.
The IntGold merchant API has very weak protection of payment notifications against corruption.
Normally, a sane payment system calculates a HASH of all fields in the payment notification
plus a secret merchant key. This makes it possible to verify that the fields in the notification
were not corrupted. IntGold, though, does not do that, and it sends the secret merchant key
unencrypted and in the clear! Anyone can simply change the STATUS URL in the payment form
to his own custom script and thus receive the merchant key. Once someone has the merchant key,
he can easily corrupt the payment form, and the merchant script will not even notice that
the form was corrupted! The script will believe that the corrupted form was REAL.
So, once we realized what had happened, we contacted IntGold support and asked them
to help us recover the stolen $1,000. They promised to help and assured us that they would
return the money. Their developers refused to fix the security breach using our
suggestion, though. But now it didn't matter: after a couple of days of silence from them,
we found out that our merchant account was LOCKED and we were unable to make spends
from it.
Our customers started to complain because they were not able to withdraw their funds.
When we contacted IntGold again, they told us that due to a high percentage of fraudulent transactions
on our account, they had started an investigation and intended to close our account.
Let me explain here: by fraudulent transactions they meant that some hackers who stole
money from IntGold customers had spent those stolen funds by depositing them into our casino.
Now, we would have thought that the most reasonable thing to do about it would be IMPROVING
the security of the IntGold payment system so that hackers would not be able to steal funds from
customers. Instead of improving security, they are closing the account of a merchant who did
nothing wrong except deciding to become an IntGold merchant and do business!
We were shocked by such an attitude; in all our time in business, we have not seen
such an attitude from any payment system.
IntGold promised to refund our outstanding account balance after their investigation
was done. We waited patiently and periodically contacted them to see how the investigation
was going. But when the due date passed and we had not been contacted by IntGold,
we became worried. After a phone call, they told us to wait patiently until the investigation
was over. That was strange, because each time they said it would be finished next week,
and the next week the same thing was repeated, on and on.
The bottom line is that WE NEVER GOT ANY REFUND. IntGold is completely ignoring our questions
about the refund and we cannot do anything.
We have lost $3,500 which they didn't refund and $1,000 which was stolen by a hacker through
the IntGold security breach.
It is up to you to decide if you want to become an IntGold customer or merchant,
but we STRONGLY recommend against doing any business with them. IntGold is a scam.
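
The hashed-notification scheme described above (a hash over all notification fields plus a secret merchant key, with the key itself never sent), as an added example that is not IntGold's or the author's code. It uses HMAC-SHA256 as the keyed hash, covers the test/live flag with the signature, and goes slightly beyond the text by also rejecting replayed transaction ids. The field names, key and sample notifications are constructed assumptions.

```python
import hashlib
import hmac

# Hypothetical field names; the real notification fields are not shown on the page.
SIGNED_FIELDS = ("merchant_id", "payer_id", "amount", "currency", "txn_id", "mode")

def canonical(fields: dict) -> bytes:
    """Serialize every signed field in a fixed order, length-prefixed so a
    value cannot be shifted between fields without changing the bytes."""
    parts = []
    for name in SIGNED_FIELDS:
        value = str(fields[name]).encode("utf-8")
        parts.append(b"%s=%d:%s" % (name.encode(), len(value), value))
    return b"|".join(parts)

def sign(fields: dict, merchant_key: bytes) -> str:
    """Payment-system side: the key only feeds the tag and is never transmitted."""
    return hmac.new(merchant_key, canonical(fields), hashlib.sha256).hexdigest()

def verify(notification: dict, merchant_key: bytes, seen_txn_ids: set) -> tuple:
    """Merchant side: return (accepted, reason) for one notification."""
    if "sig" not in notification or any(n not in notification for n in SIGNED_FIELDS):
        return False, "missing field"
    expected = sign(notification, merchant_key).encode()
    if not hmac.compare_digest(expected, str(notification["sig"]).encode()):
        return False, "bad signature"
    if notification["mode"] != "live":        # validly signed test payments stay test
        return False, "test transaction"
    if notification["txn_id"] in seen_txn_ids:
        return False, "replayed transaction"
    seen_txn_ids.add(notification["txn_id"])
    return True, "ok"

# Constructed sample data, not real transactions.
KEY = b"constructed-demo-key"
GOOD = {"merchant_id": "M100", "payer_id": "P200", "amount": "25.00",
        "currency": "USD", "txn_id": "T-0001", "mode": "live"}
GOOD["sig"] = sign(GOOD, KEY)
TAMPERED = dict(GOOD, amount="2500.00")       # field changed after signing
TEST_MODE = dict(GOOD, mode="test", txn_id="T-0002")
TEST_MODE["sig"] = sign(TEST_MODE, KEY)       # correctly signed, but not live

if __name__ == "__main__":
    seen = set()
    for label, n in (("good", GOOD), ("tampered", TAMPERED),
                     ("test-mode", TEST_MODE), ("replay", GOOD)):
        print(label, verify(n, KEY, seen))
```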