diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php
index a0e6a1854fd..b71dd2df499 100644
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@@ -292,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
 	} else {
 		$token = $conf->global->PAYMENT_SECURITY_TOKEN;
 	}
-	if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) {
+	if ($SECUREKEY != $token && (empty($tokenoldcompat) || $SECUREKEY != $tokenoldcompat)) {
 		if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) {
 			$valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility
 		} else {