Hey all. I'm working on a website that will allow users to send virtual tokens to each other. I want to know what steps I can take to prevent unsavory types from hijacking the process and directing virtual tokens to accounts they don't belong in. The best I can could manage to think of was "use PHP or any other server-side code". What else could I do?