Some documentation and references use the various meanings interchangeably, which is very confusing to all concerned. This confusion directly causes continuing financial loss to the organization.
Otherwise, you are allowing attackers to repeatedly attack your application until they find a vulnerability that you haven't protected against.
Detecting attempts to find these weaknesses is a critical protection mechanism.
Integrity checks must be included wherever data passes from a trusted to a less trusted boundary, such as from the application to the user's browser in a hidden field, or to a third-party payment gateway, such as a transaction ID used internally upon return.
The type of integrity control (checksum, HMAC, encryption, digital signature) should be directly related to the risk of the data transiting the trust boundary. However, validation should be performed as per the function of the server executing the code.
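As an added illustration (not code from the original guide), the sketch below applies one of the listed controls, an HMAC, to a transaction ID that leaves the application in a hidden field and is checked when it comes back. The function names, the session and field binding, and the demo key are assumptions made for this example; an HMAC gives integrity only, so the value stays readable to the client.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real deployment loads a random server-side secret.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _tag(key: bytes, session_id: str, field: str, value: str) -> bytes:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(p).to_bytes(4, "big") + p
        for p in (session_id.encode(), field.encode(), value.encode())
    )
    return hmac.new(key, msg, hashlib.sha256).digest()


def protect_field(session_id: str, field: str, value: str,
                  key: bytes = SERVER_KEY) -> str:
    """Return 'value.tag' text to place in the hidden field."""
    enc_value = base64.urlsafe_b64encode(value.encode()).decode()
    enc_tag = base64.urlsafe_b64encode(
        _tag(key, session_id, field, value)).decode()
    return f"{enc_value}.{enc_tag}"


def verify_field(session_id: str, field: str, token: str,
                 key: bytes = SERVER_KEY):
    """Return the original value, or None if the token fails the check."""
    try:
        enc_value, enc_tag = token.split(".")
        value = base64.urlsafe_b64decode(enc_value).decode()
        tag = base64.urlsafe_b64decode(enc_tag)
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None  # malformed token: treat as tampered
    # Binding session and field name stops a valid token being replayed
    # in another user's session or moved into a different field.
    expected = _tag(key, session_id, field, value)
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return value
```

A `None` result is also the event worth logging, since it marks a value that was altered, malformed or replayed after crossing the trust boundary.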
Data from the client should never be trusted, because the client has every opportunity to tamper with the data.
In many cases, Encoding has the potential to defuse attacks that rely on lack of input validation.