If you can do traffic interception, there's a pretty good chance there's going to be traces of price levels in the API and the analytics. Especially since it's probably going to be bolted on to the side of anything PCI compliant. If there isn't, then it's probably going to be really easy to subpoena to prove mens rea, because getting that right is tricky and requires a fair amount of review and coordination.