diff --git a/modules/client/back/methods/tpv-transaction/confirm.js b/modules/client/back/methods/tpv-transaction/confirm.js
index 8099475d7..5d04f8a81 100644
--- a/modules/client/back/methods/tpv-transaction/confirm.js
+++ b/modules/client/back/methods/tpv-transaction/confirm.js
@@ -44,13 +44,6 @@ module.exports = Self => {
         for (const param in decodedParams)
             params[param] = decodeURIComponent(decodedParams[param]);
 
-        console.debug('Payment confirmation received:', {
-            signatureVersion,
-            merchantParameters,
-            signature,
-            params
-        });
-
         const orderId = params['Ds_Order'];
         const merchantId = parseInt(params['Ds_MerchantCode']);
 
@@ -69,20 +62,15 @@ module.exports = Self => {
         const cipher = crypto.createDecipheriv('des-ede3-cbc', secretKey, iv);
         cipher.setAutoPadding(false);
         const orderKey = cipher.update(zeroPad(orderId, 8), 'utf8', 'base64')
-            + cipher.final('utf8');
+            + cipher.final();
 
         const res = crypto.createHmac('sha256', Buffer.from(orderKey, 'base64'))
             .update(merchantParameters)
             .digest('base64');
         const base64Res = base64url.encode(res, 'base64');
 
-        // if (base64Res !== signature)
-        //    throw new UserError('Invalid signature');
-
-        console.debug('Payment signature:', {
-            res,
-            base64Res
-        });
+        if (base64Res !== signature)
+            throw new UserError('Invalid signature');
 
         await Self.rawSql(
             'CALL hedera.tpvTransaction_confirm(?, ?, ?, ?, ?, ?)', [