diff --git a/uc_dps_pxaccess.module b/uc_dps_pxaccess.module
index 59e9581..f981163 100755
--- a/uc_dps_pxaccess.module
+++ b/uc_dps_pxaccess.module
@@ -299,11 +299,11 @@ function uc_dps_pxaccess_callback_process() {
 // @TODO we really shouldn't use $_REQUEST here - it's in $_GET, right? not that $_REQUEST
 // is any harder to fake than $_GET but still ... :)
- if (isset($_REQUEST["result"])) {
+ if (isset($_GET['result'])) {
 module_load_include('inc', 'uc_dps_pxaccess', 'pxaccess');
 $pxaccess = new PxAccess(variable_get('uc_dps_pxaccess_server', ''), variable_get('uc_dps_pxaccess_userid', ''), variable_get('uc_dps_pxaccess_key', ''), variable_get('uc_dps_pxaccess_mac_key', ''));
- $enc_hex = $_REQUEST["result"];
+ $enc_hex = $_GET["result"];
 // getResponse method in PxAccess object returns PxPayResponse object
 // which encapsulates all the response data
@@ -378,6 +378,11 @@ function uc_dps_pxaccess_callback_process() {
 $output = theme("uc_dps_pxaccess_returnpage_output_declined", $result, $txn);
 }
 }
+ else {
+ watchdog('uc_dps_pxaccess', 'Invalid $_GET data:
!get
', array('!get' => print_r($_GET,1)), WATCHDOG_ERROR);
+ drupal_set_message(t('Invalid payment data supplied. Please contact us for assistance.'));
+ $output = theme("uc_dps_pxaccess_returnpage_output_declined", NULL, NULL);
+ }
 return $output;
 }
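Review bot: In the first hunk (`@@ -299,11 +299,11 @@`), `isset($_GET['result'])` also passes when the parameter arrives as an array (`?result[]=…`), so `$enc_hex` can be a non-string when it is handed on, presumably to the PxAccess response call named in the trailing comment. Tightening the guard to `if (isset($_GET['result']) && is_string($_GET['result'])) {` would send such malformed callbacks down the new `else` path instead. The `@TODO` comment above the guard now describes the change this commit makes and can be dropped, and the two reads use different quote styles (`'result'` vs `"result"`). The function body starts and ends outside this hunk.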
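Review bot: The `watchdog()` call in the new `else` branch logs `print_r($_GET,1)` through the `!get` placeholder, which Drupal substitutes without escaping, so any markup in the caller's query string is stored in the log and rendered as-is when the entry is viewed. Switch to the escaping placeholder: `@get` in the message string and `array('@get' => print_r($_GET, TRUE))`. If this callback is reachable without authentication, as payment return URLs usually are, consider logging only the parameter names or a truncated value so that requests cannot bloat the log or put arbitrary data in it. `drupal_set_message()` is called without a type, so the failure is shown as a status message; passing `'error'` as the second argument would match the `WATCHDOG_ERROR` severity.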